VOS Registration and Security r283-04
Stratus Technologies
R283-04
Contents
Preface
4. Registering Users
The Registration Databases
Adding a User to the System
Setting Up Home Directories
Deleting a User from the System
Changing a Current User's Data
Listing Registered Users
Managing User Passwords
Security
Restricting Passwords
Compatibility
Updating the Registration Database
5. Managing Security
The Security Logging Facility
Security Log Message Format
login Command Error Messages
FTP Daemon Error Messages
System Auditing
Event Types
Auditing Users and Processes
Auditing Objects and Internal Commands
Event Entries in System Logs
Event Messages in the syserr_log.(date) File
Event Messages in the security_log.(date) File
Preventing Unauthorized FTP Access
Restricting User Passwords with set_password_security
Controlling Access with the login_admin Command
Limiting the Number of Users
Requiring a Special Password
Preventing Specified Users from Logging In
Removing Login Restrictions
Controlling Module Use with the logout_admin Command
Process Directory Management
RADIUS Support
Components
Commands
Configuration Files
Include Files
Queues
Subroutines
Configuration
RADIUS Server Queues
User Registration
Valid User Names
Valid Passwords
Registering Users for RADIUS Authentication
Registering Users for VOS Authentication
VOS RADIUS Authentication Server Messages
The basic Level Messages
The major Level Messages
The detail level Messages
Testing VOS RADIUS Support
RADIUS Server Communication Notes
Access-Request Packets
Access-Challenge
Restrictions
6. Command Overview
accounting_admin
audit_admin
configure_commands
create_user_sysdbs
display_registration_info
log_registered_users
login_admin
logout_admin
notify_security_violation
radius_admin
radius_auth_server
registration_admin
Adding a New User
Updating a User's Registration Information
Deleting a User's Registration Record
Processing Additions and Deletions as a Batch
Listing Registered Users
security_admin
set_object_audit
set_password_security
set_priority
set_process_audit
set_registration_info
update_password_info
wait_for_overseer
wait_for_tp_overseer
7. Subroutines
s$get_registration_info
s$perform_ext_authentication
Preface
The VOS System Administration: Registration and Security (R283) documents access
and security management on VOS systems. This manual is intended for system
administrators and security officers.
Manual Version
This manual is a revision. Change bars, which appear in the margin, note the specific
changes to text since the previous publication of this manual. Note, however, that
change bars are not used in new chapters or appendixes.
This revision incorporates the following changes.
new information about preregistered users (Chapter 1)
system administrators are reminded about their special privileges (Chapter 2)
preventing unauthorized FTP access (Chapter 5)
support for the external RADIUS authentication service (Chapter 5)
new commands (Chapter 6)
display_registration_info
radius_admin
radius_auth_server
changed commands (Chapter 6)
log_registered_users
registration_admin
set_registration_info
Chapter 7, Subroutines, which documents the following new subroutines:
s$get_registration_info
s$perform_ext_authentication
Manual Organization
This manual contains seven chapters and one appendix.
Chapter 1, Overview of Access Control and Security on VOS Modules, introduces the
access control and security system on VOS.
Chapter 2, Managing Group Directories, documents the creation and management of
group directories.
Chapter 3, Controlling Access to System Objects, details access rights, access lists,
and how to set access to files, directories, devices, and internal commands.
Chapter 4, Registering Users, documents the registration databases and the
procedures for adding and deleting users.
Chapter 5, Managing Security, explains system events and how to audit them.
Chapter 6, Command Overview, documents VOS registration and security
commands.
Chapter 7, Subroutines, documents VOS subroutines useful in writing programs for
RADIUS.
Appendix A, VOS Commands for Privileged Users, lists the VOS commands for
privileged users.
Related Manuals
Refer to the following Stratus manuals for related documentation.
VOS Commands Users Guide (R089)
VOS Commands Reference Manual (R098)
VOS System Administration: Administering and Customizing a System (R281)
Notation Conventions
This manual uses the following notation conventions.
Italics introduces or defines new terms. For example:
The master disk is the name of the member disk from which the module was
booted.
Boldface emphasizes words in text. For example:
Monospace represents text that would appear on your terminal's screen (such as
following example, the user must replace the monospace-italic term with a literal
value.
list_users -module module_name
Monospace bold represents user input in examples and figures that contain both
user input and system output (which appears in monospace). For example:
display_access_list system_default
%dev#m1>system>acl>system_default
w *.*
[Table (key assignments not recovered in this extraction): the VOS functions CANCEL, CYCLE, CYCLE BACK, DISPLAY FORM, HELP, INSERT DEFAULT, INSERT SAVED, INTERRUPT, and NO PAUSE, and the key or key combination (a Shift-F key, an Alt-letter combination, <Help>, <Insert_Here>, Shift-<Delete>, or a numeric-keypad key) that performs each function on V103 ASCII, V103 EPC, IBM PC or compatible PC, V105 PC/+ 106, and V105 ANSI terminals.]
add_disk
Privileged
Purpose
The add_disk command tells the operating system on the current
module to recognize the specified logical volume for the duration of
the current bootload.
Display Form
-------------------------- add_disk ------------------------
disk_name:
module_name: current_module
Arguments
Required
disk_name
The name of the logical volume to be recognized for the current
bootload.
.
.
.
A name
The name of the command or request is at the top of the first page of the
description.
B Privileged
This notation appears after the name of a command or request that can be issued
only from a privileged process. (See the online glossary, which is located in the file
>system>doc>glossary.doc, for the definition of privileged process.)
C Purpose
Shows the form that is displayed when you type the command or request name
followed by -form or when you press the key that performs the DISPLAY FORM
function. Each field in the form represents a command or request argument. If an
argument has a default value, that value is displayed in the form. (See the online
glossary for the definition of default value.)
The following table explains the notation used in display forms.
The Notation Used in Display Forms
Notation
Meaning
Required field with no default value.
The cursor, which indicates the current position on the
screen. For example, the cursor may be positioned on the
first character of a value, as in a ll.
current_user
current_module
current_system
current_disk
E Command-Line Form
Shows the syntax of the command or request with its arguments. You can display
an online version of the command-line form of a command or request by typing the
command or request name followed by -usage.
The following table explains the notation used in command-line forms. In the table,
the term multiple values refers to explicitly stated separate values, such as two or
more object names. Specifying multiple values is not the same as specifying a star
name. (See the online glossary for the definition of star name.) When you specify
multiple values, you must separate each value with a space.
Meaning
argument_1
Required argument.
argument_1...
argument_1
argument_2
argument_1
Optional argument.
argument_1 ...
argument_1
argument_2
Note: Dots, brackets, and braces are not literal characters; you should not type them.
Any list or set of arguments can contain more than two elements. Brackets and braces
are sometimes nested.
F Arguments
Describes the command or request arguments. The following table explains the
notation used in argument descriptions.
G The Notation Used in Argument Descriptions
Notation
Meaning
<CYCLE>
Required
(Privileged)
H The following additional headings may appear in the command or request
Online Documentation
Stratus provides the following types of online documentation.
The directory >system>doc provides supplemental online documentation,
Ordering Manuals
You can order manuals in the following ways.
If your system is connected to the Remote Service Network (RSN), issue the
Customers in North America can call the Stratus Customer Assistance Center
(CAC) at (800) 221-6588 or (800) 828-8513, 24 hours a day, 7 days a week. All
other customers can contact their nearest Stratus sales office, CAC office, or
distributor; see the file cac_phones.doc in the directory >system>doc for CAC
phone numbers outside the U.S.
Manual orders will be forwarded to Order Administration.
complete the data-entry form that appears on your screen. When you have
completed the form, press <Enter>.
If your comments are lengthy, save them in a file before you issue the command.
Your comments (along with your name) are sent to Stratus over the RSN.
Stratus welcomes any corrections and suggestions for improving this manual.
Chapter 1
Overview of Access Control
and Security on VOS Modules
This chapter introduces access and security administration on VOS modules. Sections
include:
Access Control and Security Concepts
How VOS Determines User Access
Preregistered User
Access control is the mechanism by which the operating system determines users' and
groups' access rights to system objects, such as files, directories, devices, and internal
commands. Access rights are described in terms of access codes, single-letter
designations representing these rights. These codes are documented in detail in
Chapter 3, Controlling Access to System Objects.
The access and security system for VOS modules has many features required by the
C2 security standard established by the United States government. VOS permits
discretionary access to system objects and the ability to audit system events. Each site
can determine the degree of use of the access and security features, beyond the
mandatory user registration feature and the default recording of events to the
syserr_log.(date) file.
User Names
A user name is the identifier given to an individual who is registered to use the system.
Typically, the user name corresponds to the person name of the individual and to the
name of the user's associated group. The general form of a complete user name is:
person_name.group_name
Some examples of user names are Jones.ne_sales1 and
Larry_Brown.marketing.
Note that valid characters for either the person name or the group name are numbers,
upper- and lowercase letters, underlines (_), and the special characters $, @, ~, [, ],
{, }, \, |, -, ^, , :, /, , and +. A period (.) separates the person name and the group
name. Asterisks (*) may be used to replace user name components, according to the
rules described in the section User Star Names later in this chapter.
Person Names
When a user is registered on VOS, the user is identified by a person name. The person
name must be a character string. The person name can closely resemble the user's
actual name (such as Rosalyn_White or rwhite), or it can be a random character
string (such as c57d or thx1138). The user's person name is defined by invoking the
registration_admin command. See Chapter 4, Registering Users, for more
information on this command.
Group Names
A group is a set of users. A group directory contains the user home directories of
the individuals in that group. A group directory helps allocate system resources and
access to system objects owned by that group. The name of a group directory is the
same as the name of the group. See Chapter 2, Managing Group Directories, for
more information on groups.
A user may be registered in more than one group. When only a person name is used
in a command (such as login Peter_Jones), the operating system assumes that
the value defined in the group1 field in the user's registration file entry is the group
name. See Chapter 4, Registering Users, for more information on registration file
entries and how users are registered.
A user with the person name Peter_Jones is registered in the groups sales,
shipping, and inventory. The user names of Peter Jones, specifying each group
he belongs to, are:
Peter_Jones.sales
Peter_Jones.shipping
Peter_Jones.inventory
specified in the group name. The user star name *.Treasury represents all
registered users in the Treasury group.
An asterisk in place of the group name defines the specified user in the set of all of
information.
For devices or internal commands, the operating system determines access by
searching the access list associated with the specified device or internal
command, if one exists. The operating system then follows Steps 1-4. If there is no
entry for the user in the access list, the user has undefined access to the device or
internal command. See Setting Access to Devices and Setting and Displaying
Access to Internal Commands in Chapter 3 for more information.
Preregistered User
All Stratus systems are shipped with one preregistered user, Install, with a
password of secret. The first person who logs in with the Install user name must
change this password or disable the login for this user. To ensure system security, you
should not change the password back to secret at a later date.
CAUTION
If you disable the login for the Install user, you must
register at least one new user before logging out again or
you will not be able to log in at a later time.
Chapter 2
Managing Group Directories
System Objects, describes the access rights to system objects and how to assign
them.)
directory?
NOTE
Keep in mind that the system administrator has full
privileges, and membership in the SysAdmin group
should be limited to users on an as-needed basis.
How many current users and new users will be assigned to each new group?
Should any current users assigned to a new group be removed from some other
group?
What is the best location for each new group directory? In general, the location of
the new group is related to the amount of free disk space on each disk. Monitor
current disk space used with the display_disk_usage and
display_disk_info commands. See VOS Commands Reference
Manual (R098) for information on these commands.
Here are the general steps to follow when creating additional groups.
1. Change to the (master_disk) directory.
2. If the new directory is to be stored on a disk other than the master disk, create a
link to the new directory in the (master_disk) directory.
3. Create the new group directory.
4. Define the access rights to the contents of the new group directory, using the
commands described in Chapter 3, Controlling Access to System Objects. (If you
do not define access, the operating system applies to the new group the access
rights of the directory to which it is subordinate.)
5. Issue the command registration_admin (described in Chapter 4,
Registering Users) to add or modify entries for users in the new group.
6. Examine the access rights of every current user reassigned to the new group, and
make changes if necessary. See the instructions for these procedures in
Chapter 3, Controlling Access to System Objects.
The following example shows the steps for adding the group inventory to the top
disk directory #d03, giving access to the inventory and sales groups to the
inventory directory, and creating a home directory for the user Jones in the group
directory.
1. change_current_dir (master_disk)
2. link #d03>inventory
3. change_current_dir #d03
4. create_dir inventory
5. give_access status inventory -user *.inventory
give_default_access read inventory -user *.inventory
give_access read inventory -user *.sales
give_access null inventory -user *.*
6. registration_admin
Register Jones as a new user.
7. change_current_dir #d03>inventory
NOTE
The registration_admin command should create the
home directory for Jones automatically. Check to see if
the home directory has been created. If it has been
created, skip Step 8 and proceed to Step 9. If it has not
been created, follow the instructions in Step 8.
8. create_dir Jones
9. give_access modify Jones -user Jones.*
give_default_access write Jones -user Jones.*
copy_file (master_disk)>system>abbreviations Jones
copy_file (master_disk)>system>start_up.cm Jones
10. display_access inventory -user Jones.inventory
See Adding a User to the System in Chapter 4 for detailed information about creating
home directories.
The following example shows some of the steps for adding the Engineering group with
its 40 users to disks #d01 and #d02.
1. Since there are 40 users in the Engineering group, plan to put 20 users' home
directories on #d01 and the other 20 users' home directories on #d02.
2. change_current_dir (master_disk)
3. link #d01>Engineering
link #d02>Engineering
4. change_current_dir #d01
5. create_dir Engineering
6. give_access status Engineering -user *.Engineering
give_default_access read Engineering -user *.Engineering
give_access null Engineering -user *.*
7. change_current_dir #d02
8. create_dir Engineering
9. give_access status Engineering -user *.Engineering
give_default_access read Engineering -user *.Engineering
give_access null Engineering -user *.*
10. registration_admin
Add the users, adding 20 of them to #d01 and 20 of them to #d02. In this example,
the home directories for Joe Grenier and Nancy Pacek have been added to #d01
and the home directories for Linda McHugh and Paul Aronson have been added to
#d02.
11. Create links between the home directories on one disk and the group directory on
the other, to make it look like all the home directories in the Engineering group are
on the same disk:
change_current_dir #d02>Engineering
link #d01>Engineering>Joe_Grenier
link #d01>Engineering>Nancy_Pacek
change_current_dir #d01>Engineering
link #d02>Engineering>Linda_McHugh
link #d02>Engineering>Paul_Aronson
You do not have to update the registration database entries of users in a group that is
moved from the (master_disk) directory, if links exist in the (master_disk)
directory to the new location of the group.
See VOS System Administration: Disk and Tape Administration (R284) for more
information about initializing disks, and VOS Commands Reference Manual (R098) for
more information about the link, move_dir, and unlink commands.
Deleting a Group
Consider the following questions before deleting a group from your system.
Should users registered in this group be reassigned to another group or be
Chapter 3
Controlling Access to
System Objects
This chapter documents how to control access to files, directories, devices, and internal
commands, and describes the access granted by the installation software. Sections
include:
Access Rights
Access Lists
File Access
Directory Access
Device Access
Internal Command Access
Access Control Set by Stratus
The commands used to display and give access rights to system objects referenced in
this chapter are documented in VOS Commands Reference Manual (R098).
Access Rights
Access rights determine a user's relationship to the object. The access right
determines if the user can modify the object, use the object, or even know that the
object exists. Access rights vary slightly from object to object and are described in the
following sections. An access code is an abbreviation for the name of an access right.
It is always the first letter of the name of the access right. For example, n signifies null
access.
Access Lists
There are four types of access lists:
access control lists
default access control lists
device access lists
internal command access lists
Access control lists (ACLs) and default access control lists (DACLs) are lists of entries
containing an access code and a user name, associated with a file or directory. The
entries determine who has access to the system object associated with the list, and
what type of access each user or group has. These lists are not stored in the directory
hierarchy as files, and can only be displayed or modified by using VOS access
commands, such as display_default_access or give_access.
An ACL is associated with a file or directory. A default access control list (DACL) is
associated with a directory, but its entries apply to the files within that directory.
Therefore, DACL entries contain only the file access rights (null, execute, read,
write). The purpose of DACLs is to simplify access control by allowing you to set
default access controls for all the files within a directory.
Each time you add an entry to an ACL or DACL, VOS evaluates the user values from
the most specific to the least specific. The operating system puts entries with person
names ahead of entries with asterisks as their first component. The procedure for
modifying these lists is described in Setting Access to Files and Setting Access to
Directories later in this chapter. The order in which entries are added to the list is not
significant.
Device access lists govern the access to devices. Internal command access lists
govern the access to internal commands. These lists are stored in the >system>acl
directory. These lists are created by VOS as empty files associated with devices or
internal commands. See Setting Access to Devices and Setting and Displaying
Access to Internal Commands later in this chapter for more information.
File Access
This section describes file access management.
Access Right / Access Code / Description
undefined (u): Denies the user all access to the file. This code occurs only if
the effective access list for the file does not contain any entry
applicable to the given user name.
null (n)
execute (e)
read (r)
write (w): Gives the user full access to the contents of the file. (However,
to delete or write to the file, the user must have modify
access to the directory in which the file is contained.)
See Setting Access to Files later in this chapter for information on assigning file
access.
DACL. If Harry Escher gave write access to his abbreviations file to Dawn Chan,
invoking the display_access_list command displays the following:
%acc#m1>Accounting>Harry_Escher>abbreviations
w Dawn_Chan.Accounting
NOTE
Giving write access to a file is not enough to let Dawn
modify and save the existing abbreviations file. Dawn
also needs modify access to the containing directory.
See Setting Access to Directories later in this chapter for
more information.
To display your access to a file, invoke the display_access command, giving the
name of a file as an argument. If you invoke display_access abbreviations in
your home directory, VOS displays the following information:
display_access abbreviations
write (master_disk)>your_group>your_home_dir>abbreviations
Directory Access
The following example removes Jo Bergland's access from the abbreviations file:
remove_access abbreviations -user Jo_Bergland.*
NOTE
The user name specified by the remove_access
command must exactly match a user name in the ACL. If
the ACL listed Jo_Bergland.sales rather than
Jo_Bergland.*, the user named
Jo_Bergland.sales still has access to the file.
The following example removes the admin group's access from the tax.pm
command:
remove_access #d02>inventory_command_library>tax.pm -user *.admin
The following example removes all users' access from the sept.talk file:
remove_access sept.talk -all
Examples showing the use of the give_default_access and
remove_default_access commands appear in Default Access Control Lists
(DACLs), later in this chapter.
Directory Access
This section describes directory access management.
Access Right / Access Code / Description
undefined (u): Denies the user all access to the directory. This code occurs
only if the effective access list for the directory does not
contain any entry applicable to the given user name.
null (n)
status (s): Allows the user to list the contents of the directory and to see
other status information, but not to change any of the contents.
modify (m)
The undefined (u) code may be associated with a file or directory. This access code
cannot be specified with a give_access command. You may see it if you are a user
from an unknown group (group that is not defined to the current module) and you
attempt to display access for a directory where the user star name (*.*) has not been
defined. Undefined access gives the user access to files and directories equivalent to
null access.
See Setting Access to Directories later in this chapter for information on assigning
directory access.
m Harry_Escher.*
m *.SysAdmin
m *.System
s *.Accounting
s *.Operator
s *.Postmaster
n *.*
This ACL indicates Harry Escher has modify access to his home directory, members
of the SysAdmin and System groups have modify access to the directory, members
of the Accounting, Operator, and Postmaster groups have status access to the
directory, and all other users (*.*) have null access to the directory.
The DACL for a directory contains access information for the files in that directory. See
Default Access Control Lists (DACLs) later in this chapter for information on DACLs.
w Harry_Escher.*
w *.SysAdmin
w *.System
r *.Accounting
r *.Operator
n *.*
Remember, the access rights listed in a directory's DACL are file access rights, not
directory access rights. This DACL indicates Harry Escher has write access by
default to the files in his home directory, members of the SysAdmin and System
groups have write access by default to the files, members of the Accounting and
Operator groups have read access by default to the files, and all other users (*.*)
have null access by default to the files.
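The lookup rules this chapter describes, modelled in Python as an added illustration (this is not Stratus code and reads no real access lists): entries are evaluated from the most specific to the least specific, an entry with a person name wins over one whose first component is an asterisk, a user with no applicable entry gets undefined (effectively null) access, remove_access removes only an exactly matching entry, and write access to a file is not enough without modify access to the containing directory. The model's own assumption is that a directory's DACL is consulted only when the file's own ACL has no entry that applies to the user; the sample lists are the Harry Escher ACL and DACL shown above.

```python
"""Model of how VOS evaluates ACL and DACL entries for a user name.

Added illustration: not Stratus code, and it reads no real access lists.
Entries map a user name (person_name.group_name, either part may be '*')
to an access right, as display_access_list shows them.
"""
from __future__ import annotations

FILE_RIGHTS = ("null", "execute", "read", "write")
DIR_RIGHTS = ("null", "status", "modify")


def split_user(user: str) -> tuple[str, str]:
    """Split person_name.group_name at the first period."""
    person, _, group = user.partition(".")
    if not person or not group:
        raise ValueError(f"malformed user name: {user!r}")
    return person, group


def specificity(entry_user: str) -> int:
    """Rank: full name (0), person.* (1), *.group (2), *.* (3).
    Person-name entries rank ahead of entries starting with an asterisk."""
    person, group = split_user(entry_user)
    return (2 if person == "*" else 0) + (1 if group == "*" else 0)


def entry_matches(entry_user: str, user: str) -> bool:
    """True when an entry's (possibly star) user name covers user."""
    ep, eg = split_user(entry_user)
    up, ug = split_user(user)
    return ep in ("*", up) and eg in ("*", ug)


class AccessList:
    """An ACL (file or directory rights) or a DACL (file rights on a directory)."""

    def __init__(self, rights: tuple[str, ...], entries: dict[str, str] | None = None):
        self.rights = rights
        self.entries: dict[str, str] = {}
        for user, right in (entries or {}).items():
            self.give_access(right, user)

    def give_access(self, right: str, user: str) -> None:
        """Add an entry; an entry for the same user name is replaced (assumption)."""
        if right not in self.rights:
            raise ValueError(f"{right!r} is not a valid right for this list")
        split_user(user)  # reject malformed names early
        self.entries[user] = right

    def remove_access(self, user: str) -> bool:
        """Remove an entry only on an exact user-name match, as remove_access does:
        removing 'Jo_Bergland.*' leaves an entry for 'Jo_Bergland.sales' intact."""
        return self.entries.pop(user, None) is not None

    def lookup(self, user: str) -> str:
        """Right from the most specific matching entry, or 'undefined'."""
        hits = [e for e in self.entries if entry_matches(e, user)]
        if not hits:
            return "undefined"  # VOS treats this like null access
        return self.entries[min(hits, key=specificity)]

    def display(self) -> list[str]:
        """Lines in display_access_list form: access code, then user name."""
        return [f"{self.entries[u][0]} {u}" for u in sorted(self.entries, key=specificity)]


def effective_file_access(file_acl: AccessList, dacl: AccessList, user: str) -> str:
    """File right for user: the file's own ACL, then the directory's DACL.
    Assumption: the DACL is consulted only when the file's ACL has no entry
    applicable to the user. Undefined at both levels is reported as null."""
    right = file_acl.lookup(user)
    if right == "undefined":
        right = dacl.lookup(user)
    return "null" if right == "undefined" else right


def can_write_or_delete(file_acl: AccessList, dacl: AccessList,
                        dir_acl: AccessList, user: str) -> bool:
    """Write access to the file is not enough: the directory must grant modify."""
    return (effective_file_access(file_acl, dacl, user) == "write"
            and dir_acl.lookup(user) == "modify")


# Constructed sample: Harry Escher's home directory as the text describes it.
HOME_ACL = AccessList(DIR_RIGHTS, {
    "Harry_Escher.*": "modify", "*.SysAdmin": "modify", "*.System": "modify",
    "*.Accounting": "status", "*.Operator": "status", "*.Postmaster": "status",
    "*.*": "null",
})
HOME_DACL = AccessList(FILE_RIGHTS, {
    "Harry_Escher.*": "write", "*.SysAdmin": "write", "*.System": "write",
    "*.Accounting": "read", "*.Operator": "read", "*.*": "null",
})
# Harry gives Dawn Chan write access to his abbreviations file (the file's own ACL).
ABBREVIATIONS_ACL = AccessList(FILE_RIGHTS)
ABBREVIATIONS_ACL.give_access("write", "Dawn_Chan.Accounting")
```

Dawn Chan ends up with write access to the file but only status access to the directory, so the model reports that she cannot save or delete it, exactly the situation the NOTE above describes.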
The following example gives Jim Anthony default write access to the files in Sue
Francis's sales directory:
give_default_access write Sue_Francis>sales -user Jim_Anthony.admin
The following example gives the mis group default read access to the files in Cory
Nicia's tools directory:
give_default_access read #d01>admin>Cory_Nicia>tools -user *.mis
The following example removes the admin group's default access from the files in the
records directory:
remove_default_access records -user *.admin
Propagating Access through a Set of Subdirectories
You can copy the access from a directory throughout its subdirectories by using the
propagate_access command. The following example copies the 92_record
directory's access rights to all its subdirectories:
propagate_access 92_record
See VOS Commands Reference Manual (R098) for a full description of this command.
Device Access
This section describes device access management, including access management for
STREAMS drivers and modules. Each site has the option to restrict access to specified
devices. Administrators not implementing device access control can disregard this
section.
Access Right / Access Code / Description
null (n)
read (r): Allows the user to use a device for reading or input and any
corresponding s$control operations.
write (w)
When a tape drive is associated with a device access list, a user needs read or write
access to the tape drive in order to use it. All other devices require write access.
See Setting Access to Devices for information on setting device access. See Setting
Access to STREAMS Drivers and Modules for information on setting access to
STREAMS drivers and modules.
The following procedure illustrates how to restrict access to a specific device. In this
example, the devices.tin file is edited to associate the tape.1.0 tape drive with
the tape1_dev device access list. To set access to tape.1.0, perform these steps.
1. Edit >system>configuration>devices.tin to add the
access_list_name field to the device definition. Give the device access list a
meaningful name. Here are the relevant excerpts from the devices.tin file.
=name
=module_name
=device_type
=slot
=channel
=access_list_name
tape.1.0
m1
tape
29
0
tape1_dev
to the appropriate device record in the devices.tin file, located in the directory
>system>configuration.
The following procedure illustrates how to restrict access to a specific STREAMS driver
or module. In this example, the devices.tin file is edited to associate the
echo_read driver with the streams_read_access device access list. To set access
to echo_read, perform the following steps.
1. Edit >system>configuration>devices.tin to add the
access_list_name field to the device definition. Give the device access list a
meaningful name. Relevant excerpts from the devices.tin file follow.
=name
=module_name
=device_type
=access_list_name
=streams_driver
=clone_limit
echo_read
m5
streams
streams_read_access
echo
10
See the manual VOS System Administration: Configuring a System (R287) for
more information about updating the devices.tin file.
2. Invoke create_table and broadcast_file to create a new devices.table
file and to broadcast it throughout the system.
3. Invoke the configure_devices command. VOS recognizes the newly
broadcast devices.table file and creates the
>system>acl>streams_read_access device access list.
4. To set access to echo_read, issue the give_access command.
give_access read >system>acl>streams_read_access -user *.*
All users can read data from echo_read.
To change the access of a driver or module that already has a device access list,
perform Step 4 of the preceding procedure.
Displaying Access to Devices
To determine if device access has been set for any devices (including STREAMS
drivers and modules) on the current module, change to the >system>acl directory.
The acl directory, by default, contains a file named system_default. Access on the
system_default file is set by default as follows:
display_access_list system_default
%se#m24>system>acl>system_default
w *.*
display_default_access_list
%se#m24>system>acl
r *.*
If you find other files in the acl directory, it means that some devices, drivers, modules,
or internal commands have associated access lists. To determine which devices are
associated with the access lists, edit the >system>configuration>devices.tin
file and search for the name of the access list. The access list name appears in each
record of its associated device(s). Once you find the name of the device access list for
a command, use the display_access_list command to display the access set on
the device access list.
display_access_list
(master_disk)>system>acl>device_access_list
If the device access list does not have an ACL, issue the
display_default_access_list command to display the DACL for the files in the
acl directory.
To determine if a specific device has a device access list, use the dump_dvt request
of the analyze_system command, specifying the name of the device that you want
more information about. The Access Control List information appears at the end of the
lengthy output of this request.
Access Control List at 006D3680
    hash_link:       00000001
    acl_file_name:   system_default
    ref_count:       215
See the VOS System Analysis Manual (R073) for more information about the
analyze_system command.
To give access to or remove access from a device with an existing device access list,
invoke a give_access or remove_access command on the appropriate device
access list. See Setting Access to Files earlier in this chapter for information about
file access.
Access     Code     Description
execute
null
read
write
The internal_commands.dd file defines the format for each command entry in the
internal_commands.tin file as follows:
/* To ensure correct system operation, this */
/* file must never be modified by customers. */
/* This is the internal command access control file data
definitions. */
fields:
version
name
access_list_name
audit
mbz_flags
end;
To associate an internal command with an access list, create the
internal_commands.tin file. Enter the name of an internal command, and the
name of an access list, as shown in the following example:
/=name               update_channel_info
=access_list_name    uci_com
NOTE
If a value is not supplied for access_list_name, VOS
gives the access list the same name as the command.
In general, these are the only two fields that need to be added to the
internal_commands.tin file. However, you may also indicate which internal
commands should be audited. The following information enables object auditing on the
copy_file command:
/=name               copy_file
=access_list_name    system_default
=audit               1
Access for VOS commands that are not internal commands can be changed by setting
the access on the command libraries in which they reside. You can set access per
command in a command library by setting access to the command's .pm file. See
Setting Access to Files earlier in this chapter for information on setting access to
individual files. Internal commands may share access lists. Internal commands may
also share access lists with a device that is located on the same module.
If you plan to use internal command access, follow these steps:
1. Create the internal_commands.tin file, using the format defined in the
internal_commands.dd file. Add the names of the commands to restrict access
to, the names of their associated access lists, and if the command is to be
auditable, the line =audit 1. See the documentation for the
configure_commands command in Chapter 6, Command Overview, for more
information.
2. Invoke the create_table command on the internal_commands.tin file.
3. Be sure a copy of internal_commands.table is copied to the
(master_disk)>system directory.
4. Invoke the configure_commands command.
5. Change your current directory to (master_disk)>system>acl. To set the list
of users and access rights, execute the give_access command for each internal
command access list specified in the internal_commands.tin file. Access on
internal commands is maintained after subsequent boot loads if the
configure_commands command is added to the module_start_up.cm file.
CAUTION
It is possible to disable all access to all internal commands
when setting access to these access lists. If null access is
given to all users (*.*) for all internal command access
lists, none of the internal commands may be executable.
Do not give null access to all users. See Disabling
Internal Command Access Rights in this chapter if you
accidentally set null access to all internal commands or
call the CAC.
To change the access of a command already listed in the internal_commands.tin
file, invoke Step 5 of the procedure above.
To display the ACL for an internal command, first determine the name of its access list.
Check the internal_commands.tin file for this information. If the list command
is associated with the internal command access list named list_com, enter the
following command to display the ACL that governs access for the list command:
display_access_list (system)>system>acl>list_com
If the internal command access list does not have an ACL, invoke
display_default_access_list to display the DACL for the files in the acl
directory.
To give access to or remove access from an internal command with an existing internal
command access list, change to (master_disk)>system>acl and invoke the
give_access and give_default_access commands on the appropriate files. See
Setting Access to Files earlier in this chapter for information about file access.
Access for commands stored in command libraries is controlled by file and directory
ACLs. See Setting Access to Files and Setting Access to Directories, earlier in this
chapter, for more information.
Disabling Internal Command Access Rights
It is possible to remove access from all internal commands for all users by accidentally
setting the access to null for all users. Since a module is unusable when all internal
command access is removed, the module must be rebooted manually. System
administrators may reset the access rights of all internal commands for all users during
a manual reboot. The following question has been added to the manual reboot queries:
Override all internal commands access to system default?
A yes answer resets all existing internal commands access to write for all users.
privileged and are in the SysAdmin group, have modify access. All other users
have null access. This is the only instance of a relationship between access and
privilege.
The Privileged field in each user's registration database entry determines
have modify access, and all other users have status access. The ACL for >system
is:
    m    *.SysAdmin
    m    *.System
    s    *.*
To the files in the >system directory (except the files containing user passwords),
users logged into the groups SysAdmin or System have write default access,
while all other users have read default access. The DACL for >system is:
    w    *.SysAdmin
    w    *.System
    r    *.*
have write access and all other users have read access. The ACL for the
user_registration.sysdb file is:
    w    *.SysAdmin
    r    *.*
System have write default access, while all other users have null access. The ACL
for change_password.sysdb is:
    w    *.SysAdmin
    w    *.System
    n    *.*
Chapter 4
Registering Users
This chapter describes the registration databases, which contain all the information
about the users (local and remote) who can log in to the system. Sections include:
The Registration Databases
Adding a User to the System
Deleting a User from the System
Changing a Current User's Data
Listing Registered Users
Managing User Passwords
[Figure: registration database files on each module]
Master Module m1
    (master_disk)>system
        Files: change_password.sysdb, user_registration.sysdb,
               forbidden_passwords.table
        Link:  master_password.sysdb (link to)
    (master_disk)>system>configuration
        Files: change_password.sysdb, user_registration.sysdb
Module m2
    (master_disk)>system
        Files: change_password.sysdb, user_registration.sysdb,
               forbidden_passwords.table
        Link:  master_password.sysdb (link to)
Module m3
    (master_disk)>system
        Files: change_password.sysdb, user_registration.sysdb,
               forbidden_passwords.table
        Link:  master_password.sysdb (link to)
registration_admin then inserts the path name into the user registration
tables exactly as given.
home directory
creates links from other modules having directories with the same names as the
Security
Whenever the databases are updated, the name of the person responsible and the
time of the modification are entered in the master record of
change_password.sysdb. This information is also entered in the security log.
Restricting Passwords
You cannot restrict the passwords used by users registered with external passwords.
You can restrict the ability of users registered with a VOS password to select their own
password using the following methods.
Use the set_password_security command to restrict classes of characters
used as a password.
These methods are optional and non-exclusionary, so you can set password
restrictions on a system using one method, both methods, or neither method.
The set_password_security command is documented in Chapter 6, Command
Overview. Use it to restrict classes of characters from being inserted in a password.
For example, to prevent vowels from being included in passwords on module m5, enter
the following command:
set_password_security m5 -forbid_vowels
To prevent specific words from being used as passwords, create a
forbidden_passwords.table file. The fields in this file are defined in the
forbidden_passwords.dd file. The contents of forbidden_passwords.dd,
which you must never modify, follow:
index:
password
no_duplicates no_null_keys;
fields:
password
end;
The forbidden_passwords.dd file is stored in the
(master_disk)>system>configuration directory. To create a
forbidden_passwords.table file, perform the following steps:
1. Select the words to forbid from being passwords. Enter the restricted words in a file
named forbidden_passwords.tin in the following format:
/* %sales#m1>system>configuration>forbidden_passwords.tin */
/ =password password
/ =password Password
/ =password PASSWORD
/ =password login
/ =password Login
/ =password LOGIN
/ =password marketing
/ =password Marketing
/ =password MARKETING
/ =password sales
/ =password Sales
/ =password SALES
/ =password widget
/ =password Widget
/ =password WIDGET
Since passwords are case sensitive, judge how many versions of each forbidden
word to include. For example, while this password file forbids use of the words
password, Password or PASSWORD, the word PaSsWoRd is still permissible.
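As an added example (not part of the manual and not VOS code), the following Python reads a constructed forbidden_passwords.tin, assumed to hold one record per line in the form `/ =password word`, applies the exact, case-sensitive match described above, and reports the case variants the table leaves uncovered, which is the gap the paragraph warns about.

```python
import itertools

# Constructed sample in the assumed "/ =password word" record layout;
# not the file from the manual.
SAMPLE_TIN = """\
/* %sales#m1>system>configuration>forbidden_passwords.tin */
/ =password password
/ =password Password
/ =password PASSWORD
/ =password login
/ =password Login
/ =password LOGIN
"""


def parse_forbidden_tin(text):
    """Return the set of forbidden words from forbidden_passwords.tin text.

    Each record starts with '/', followed by '=password' and the value;
    '/* ... */' comment lines are skipped.  Duplicate records are rejected
    because the .dd index is declared no_duplicates.
    """
    words = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue
        if not line.startswith("/"):
            raise ValueError(f"record does not start with '/': {raw!r}")
        fields = line[1:].split()
        if len(fields) != 2 or fields[0] != "=password":
            raise ValueError(f"malformed record: {raw!r}")
        if fields[1] in words:
            raise ValueError(f"duplicate password record: {fields[1]}")
        words.add(fields[1])
    return words


def is_forbidden(candidate, forbidden):
    """Exact, case-sensitive match, which is how VOS applies the table."""
    return candidate in forbidden


def case_gap(candidate, forbidden):
    """Forbidden words that match the candidate only when case is ignored,
    i.e. spellings the table does not actually block."""
    lower = candidate.lower()
    return sorted(w for w in forbidden if w.lower() == lower and w != candidate)


def all_case_variants(word):
    """Every case spelling of a word.  Blocking a word regardless of case
    needs 2**n records, n being its number of letters."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    return {"".join(p) for p in itertools.product(*choices)}
```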
Compatibility
Although the create_registration_table command is now obsolete, the current
release still supports it so that you can maintain the pre-Release 10 registration
database when the registration_admin command is used to add new users.
If you want to use the create_registration_table method of registering users,
you must also use the log_registered_users command. This command extracts
all user data from user_registration.sysdb and re-creates the
registration_file.tin file in the directory >system on the master module. The
log_registered_users command also updates the master record in
change_password.sysdb in the directory >system on the master module.
Once you have issued the log_registered_users command, you can edit the
registration_file.tin file and issue the create_registration_table
command. See the description of the log_registered_users command in
Chapter 6, Command Overview.
Chapter 5
Managing Security
This chapter describes the tools for managing security on modules. Sections include:
The Security Logging Facility
System Auditing
Preventing Unauthorized FTP Access
Restricting User Passwords with set_password_security
Controlling Access with the login_admin Command
Controlling Module Use with the logout_admin Command
Process Directory Management
RADIUS Support
privileged access.
gain access to a system using a home directory path name that is neither the user's
default nor the path name stored in the user's registration record or when the
no_home_dir_change flag is on in the user's registration record.
gain access using a subsystem that is not in the user's registration record.
NOTES
1. If a user attempts to access a target system from a
local system that is not listed in the target system's
network_access.tin file, this is treated as a
security violation and is logged to both the local
system and the target system. For example, if a user
invokes the pre-login command list_systems on
the remote system, the security violation will be
written to both the local and the remote security logs.
2. The login command and the Streams TCP FTP
Daemon specify in their messages that they write to
the system security log when a denial of access is due
to a failure to obtain a satisfactory result from an
external authentication service.
Messages are never displayed to the users that
indicate the reason for a failed authentication attempt.
The security logging facility includes two commands.
notify_security_violation
This command displays notification on a specified terminal whenever an entry is
added to security_log.(date).
security_admin
This command enables and disables security logging on any module in the system.
These commands are documented in Chapter 6, Command Overview.
Authentication Server because the server queues are missing. A message similar
to the following is logged:
201: 01-01-18 08:23:15 est Joe.Stratus %es#abc_login.m123
Stopped 01-01-18 08:23:56 est occurred 3 times.
Target: login Joe.Stratus -module %es#m77
Text: Object not found. External Authentication server
+unavailable.
If the login command is able to communicate with the VOS RADIUS
not receive a response before the time-out period expires. A message similar to the
following is logged:
207:
Server because the server queues are missing. A message similar to the following
is logged:
201: 01-01-18 08:23:15 est Joe.Stratus %es#abc_login.m321
Stopped 01-01-18 08:23:56 est occurred 3 times.
Target: FTP login failed from Joe.stratus.com
Text: Object not found. 530 Login incorrect External
+Authentication server unavailable.
If the FTP Daemon is able to communicate with the VOS RADIUS Authentication
Server but receives a denial, a message similar to the following is logged:
205: 01-01-18 08:28:36 est Joe.Stratus %es#abc_login.m321
Target: FTP login failed from Joe.stratus.com
Text: 530 Login incorrect. External authentication
+server denied user.
If the FTP Daemon is able to place a message into the server queues but does not
receive a response before the time-out period expires, a message similar to the
following is logged:
207: 01-01-18 08:50:39 est Joe.Stratus %es#abc_login.m321
Target: FTP login failed from Joe.stratus.com
Text: Timeout period has expired. 530 Login incorrect.
+External authentication server is unavailable.
See VOS Codes and Messages Reference Manual (R132) for more information about
messages.
System Auditing
VOS permits the selective audit of types of events, users and objects. The
audit_admin command enables and disables selected event audits for a module. All
audits are recorded on the module owning the subject process.
There are two categories of event classification: selectable and non-selectable
(default). Default events are logged automatically to the log files, regardless of the
module's audit state. All default system events are logged to the
syserr_log.(date) file, and all default access and security events are logged to the
security_log.(date) file. All selectable events are logged to the
security_log.(date) file.
Event Types
The following default auditable events record information about system security
activities:
process creation and deletion
selected administration changes
system configuration changes
selected system performance changes.
The following selectable auditable events provide more specific system information:
file, link, and directory creation and deletion
device addition and deletion
program initiation
miscellaneous administration and security access control.
Table 5-1 lists the event types, the commands associated with each event type, and
whether the event is selectable or default.
Table 5-1. Event Types
Event Type       Selectable/Default    Commands
syserr           default               syserr_log.(date) messages
process          default
admin            default
configuration    default
io               selectable
object           selectable
security         selectable
access           selectable
format_disk
1
4. create_table internal_commands
5. copy_file internal_commands.table (master_disk)>system
6. change_current_dir (master_disk)>system
7. configure_commands
8. audit_admin object -audit
check_access
2: 95-05-26 11:20:24 EDT Wright.SysAdmin %mfg#term.2.18
Event: IO
Status: SUCCESS Process ID: 01145238
Target: %mfg#m4>system>overseer.server_queue
Text: Closed port 8.
3: 95-05-26 11:20:24 EDT Wright.SysAdmin %mfg#term.2.18
Event: IO
Status: SUCCESS Process ID: 01145238
Target: %mfg#m4>system>command_library>audit_admin.pm
Text: Closed port 7.
4: 95-05-26 11:20:24 EDT Cathy_Foster.Mfg %mfg#term.4.1.2
Event: IO
Status: SUCCESS Process ID: 011451CD
Target: %mfg#m4>system>postoffice>registration.global.sysdb
Text: Opened port 10, relative file, for dirty notify.
5: 95-05-26 11:20:31 EDT Cathy_Foster.Mfg %mfg#term.4.1.2
Event: IO
Status: SUCCESS Process ID: 011451CD
Target: %mfg#m2>Mfg>Cathy_Foster>_emacs.term.4.1.2
Text: Closed port 9.
6: 95-05-26 11:20:31 EDT Cathy_Foster.Mfg %mfg#term.4.1.2
Event: IO
Status: SUCCESS Process ID: 011451CD
Target: %mfg#Mfg2>system>tools_library>emacs_messages.text
Text: Closed port 8.
7: 95-05-26 11:20:31 EDT Cathy_Foster.Mfg %mfg#term.4.1.2
Event: IO
Status: SUCCESS Process ID: 011451CD
Target: %mfg#m2>system>postoffice>registration.global.sysdb
Text: Closed port 10.
...
238:
NOTE
Avoid specifying the all or io value unless the module
has a large amount of unused disk space in the system
directory. By specifying the io or all value, every I/O
event on the module is audited, meaning the
security_log.(date) file can become thousands of
blocks long within a few hours. In the previous example,
VOS logged 239 messages to the syserr_log.(date)
file in less than four minutes, almost all of them of the I/O
event type.
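The security_log.(date) entries shown earlier in this chapter for external-authentication failures and the IO audit entries above share one layout: a numbered header line, an optional "Stopped ... occurred N times" line, "Field: value" lines, and "+" continuation lines. The following parser is an added example (not a Stratus tool) that reads constructed sample entries in that layout and tallies failed logins caused by the external authentication service, weighting collapsed repeats by their count; the sample entries and the reason buckets are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample entries in the layout of the security_log.(date) and
# audit excerpts in this chapter; not output captured from a real module.
SAMPLE_LOG = """\
201: 01-01-18 08:23:15 est Joe.Stratus %es#abc_login.m321
Stopped 01-01-18 08:23:56 est occurred 3 times.
Target: FTP login failed from Joe.stratus.com
Text: Object not found. 530 Login incorrect External
+Authentication server unavailable.
205: 01-01-18 08:28:36 est Joe.Stratus %es#abc_login.m321
Target: FTP login failed from Joe.stratus.com
Text: 530 Login incorrect. External authentication
+server denied user.
2: 95-05-26 11:20:24 EDT Wright.SysAdmin %mfg#term.2.18
Event: IO
Status: SUCCESS Process ID: 01145238
Target: %mfg#m4>system>overseer.server_queue
Text: Closed port 8.
"""

HEADER = re.compile(
    r"^(?P<seq>\d+):\s+(?P<date>\d\d-\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<zone>\S+)\s+(?P<user>\S+)\s+(?P<process>\S+)$")
STOPPED = re.compile(r"^Stopped .* occurred (?P<count>\d+) times?\.$")


@dataclass
class Entry:
    seq: int
    date: str
    time: str
    user: str
    process: str
    count: int = 1                                # "occurred N times" collapses repeats
    fields: dict = field(default_factory=dict)    # Event, Status, Target, Text, ...


def parse_log(text):
    """Split log text into Entry objects, joining '+' continuation lines."""
    entries = []
    current = None
    last_key = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = Entry(int(m["seq"]), m["date"], m["time"], m["user"], m["process"])
            entries.append(current)
            last_key = None
            continue
        if current is None:
            continue                       # text before the first header line
        if line.startswith("+") and last_key:
            # '+' marks a continuation of the previous field's text
            current.fields[last_key] += " " + line[1:].strip()
            continue
        s = STOPPED.match(line)
        if s:
            current.count = int(s["count"])
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip()
        if key == "Status":
            # "Status: SUCCESS Process ID: 01145238" carries two fields
            status, _, pid = value.partition("Process ID:")
            current.fields["Status"] = status.strip()
            if pid.strip():
                current.fields["Process ID"] = pid.strip()
        else:
            current.fields[key] = value.strip()
        last_key = key
    return entries


EXT_AUTH = re.compile(r"external authentication server", re.IGNORECASE)


def external_auth_failures(entries):
    """Count login failures attributable to the external (RADIUS) service,
    bucketed by reason and weighted by the collapsed repeat count."""
    by_reason = {}
    for e in entries:
        text = e.fields.get("Text", "")
        if EXT_AUTH.search(text):
            reason = "denied" if "denied" in text.lower() else "unavailable"
            by_reason[reason] = by_reason.get(reason, 0) + e.count
    return by_reason
```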
If you want to start the ftpd daemon process with security enabled, issue the
following command.
start_process -output_path (master_disk)>system>stcp>logs>ftpd.out
+(master_disk)>system>stcp>command_library>ftpd -security_check_file
+%se_j14#m14_d02>SW>Noah_Smith>ftp_security -privileged -process_name ftpd7
NOTE
Do not enter the plus (+) sign that appears in this
example; it is a line-continuation character.
-allow_any_port
This argument checks that the IP address in the FTP protocol command PORT
matches the client's IP address. By default, ftpd does not perform this check.
The -allow_any_port argument provides protection against security breaches
by detecting:
Whether the TCP/IP address in the PORT command is not from the originator
Whether the PORT number is less than 1024
You can use the -allow_any_port argument with the following external
variables of the ftpd daemon process.
allow_any_port$    This variable is set to 1 if you specify the
incorrect PORT command is received when you are running ftpd, the following
message is returned.
refused PORT (TCP/IP_address) from (client_name)
warn_when_allow_port$    If this variable is set to 1 (the default) and you
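As an added example (not ftpd code), the following Python applies the two PORT checks described above on the server side and produces a refusal in the message format shown; the function names, the client address and the sample PORT arguments are constructed for this example.

```python
import ipaddress


def parse_port_command(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command into
    (IPv4 address, TCP port).  Raises ValueError on malformed input so the
    caller refuses the command instead of guessing."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError(f"PORT needs six comma-separated numbers: {arg!r}")
    nums = [int(p) for p in parts]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError(f"PORT value out of range: {arg!r}")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]
    return host, port


def check_port_command(arg, client_ip, client_name):
    """Apply the two checks from the text: the PORT address must be the
    originator's address and the port must not be below 1024.

    Returns (accept, message).  The message uses the refusal format shown
    above and names every failed check; it is empty when accepted.
    """
    try:
        host, port = parse_port_command(arg)
    except ValueError as exc:
        return False, f"refused PORT ({arg}) from ({client_name}): {exc}"
    problems = []
    if host != ipaddress.IPv4Address(client_ip):
        problems.append(f"address is not the originator {client_ip}")
    if port < 1024:
        problems.append(f"port {port} is below 1024")
    if not problems:
        return True, ""
    return False, f"refused PORT ({host}) from ({client_name}): " + "; ".join(problems)
```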
By default, all the restriction-setting arguments are turned off. After you specify
arguments to enforce the restrictions at your site, the new values remain in effect until
the module is rebooted. By including the set_password_security command, with
the applicable arguments specified in your module_start_up.cm file, the correct
password security controls will remain in place each time the module is rebooted.
These restrictions only apply to users registered with VOS passwords.
For more information, refer to the description of the set_password_security
command in Chapter 6, Command Overview, and see the description of the
forbidden_passwords.tin file in Chapter 4, Registering Users.
This argument can be used to control the load on a module's resources. See VOS
System Administration: Administering and Customizing a System (R281) for load
control information.
RADIUS Support
VOS RADIUS Support permits the VOS system administrator to designate that
selected VOS users must be authenticated by an external RADIUS service instead of
by VOS itself. VOS RADIUS Support, when used with a RADIUS service, permits an
organization to designate a single authentication service for multiple computer systems
from a wide variety of vendors, and permits these users to be authenticated using a
variety of methods:
static passwords
one-time passwords
combinations of static and one-time passwords
challenge-response passwords
combinations of static, one-time, and challenge-response passwords
When enabled, VOS RADIUS Support affects the behavior of the login command and
the STREAMS FTP daemon. User programs can also invoke VOS RADIUS Support to
validate user identities for an application environment.
NOTE
Stratus does not supply an external RADIUS
authentication service; you must obtain this service from
another vendor.
The following sections document how to install and use the VOS external Remote
Authentication Dial-In User Service (RADIUS).
Components
Configuration
User Registration
VOS RADIUS Authentication Server Messages
Testing VOS RADIUS Support
RADIUS Server Communication Notes
Components
This section describes the components that comprise VOS RADIUS Support.
Commands
The following two privileged commands are included with VOS RADIUS Support:
radius_admin    This command performs administrative functions.
radius_auth_server    This command is the server that receives
authentication requests from VOS processes and communicates with an external
RADIUS authentication service.
For more information on these commands, see Chapter 6, Command Overview.
Configuration Files
Configuration information for VOS RADIUS Support is in a text file named
radius.tin, located in the directory (master_disk)>system>configuration.
The data description file, radius.dd, is located in the same directory. The VOS
create_table command is used to process these two files, which creates an output
file, radius.table. For information on the radius.tin file, see The radius.tin
Configuration File later in this section.
Include Files
The following files are included with VOS RADIUS Support, and are automatically
loaded with VOS:
(master_disk)>system>command_library>radius_auth_server.pm
(master_disk)>system>command_library>radius_admin.pm
(master_disk)>system>configuration>radius.sample.tin
(master_disk)>system>configuration>radius.dd
(master_disk)>system>include_library>ext_auth_message.incl.c
(master_disk)>system>include_library>ext_auth_message.incl.pl1
(master_disk)>system>object_library>perform_ext_auth.obj
Queues
VOS RADIUS Support uses two server queues for communication between client VOS
processes and the VOS RADIUS server. Since both of these queues are used to pass
messages that contain user names and passwords, be careful to set the proper access
to the users.
Subroutines
The following VOS subroutines are used in support of VOS RADIUS Support:
s$get_registration_info    This subroutine returns registration information
for a specified user.
s$perform_ext_authentication    This subroutine takes the information
necessary to authenticate a user using an external authentication service,
communicates with the authentication service, and returns the result to the caller.
For information about these subroutines, see Chapter 7, Subroutines.
Configuration
To configure your system for VOS RADIUS Support, you must copy or rename
>system>configuration>radius.sample.tin to radius.tin, and edit the file
to supply configuration information for your network.
The radius.tin Configuration File
The following is an example of the radius.sample.tin file:
=packet_timeout          5
=packet_retries          2
=multihosted             0
=primary_auth_ip         127.0.0.1
=primary_auth_port       9
=primary_auth_secret     primary_pass
=secondary_auth_ip       127.0.0.1
=secondary_auth_port     9
=secondary_auth_secret   secondary_pass
The following describes the fields in the radius.tin file needed to configure your
primary and secondary VOS RADIUS Service.
NOTE
If you do not have a secondary authentication server,
make the primary and secondary addresses the same.
packet_timeout N
The value for N is an unsigned integer that specifies the number of seconds a
transmit request waits for a RADIUS server to respond before failing over to the
other RADIUS server.
Upon receipt of a new authentication request, the VOS RADIUS server first
attempts to communicate with the primary RADIUS server. If no response is
received from the primary RADIUS server within the timeout period, VOS attempts
to communicate with the secondary RADIUS server. If no response is received
from the secondary RADIUS server within the timeout period, VOS again tries the
primary RADIUS server. This continues until the number of packet retry attempts
is exceeded; until the overall authentication timeout period is exceeded; or a
response is received from one of the two RADIUS servers.
NOTE
If neither RADIUS server responds within the configured
timeout values, no users who are registered to require
external password will be able to log in. This could
theoretically happen if the RADIUS servers are shared by
many hosts and they both get overloaded. Therefore, be
careful to choose an appropriate timeout value.
The minimum packet set timeout value is 1 second.
packet_retries N
The value for N is an unsigned integer that specifies the number of times that a
packet should be retransmitted to a RADIUS server. This value is in addition to the
initial transmission; thus, specifying the value of 2 allows for a maximum of 3
attempts to send each packet.
multihosted N
The value for N is an unsigned integer that specifies whether the primary and
secondary IP addresses represent two distinct RADIUS servers (non-multihosted),
or whether they represent two distinct IP addresses for the same RADIUS server
(multihosted).
In a non-multihosted configuration, VOS communicates with only one RADIUS
server (or IP address) at a time. Once it sends a packet to a RADIUS server at a
particular IP address, it only accepts a response from that same IP address. In a
multihosted configuration, VOS sends a packet to a specific IP address but accepts
a response from either IP address.
A value of zero specifies that the IP addresses represent distinct RADIUS servers.
A nonzero value specifies a single RADIUS server.
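The following Python simulates the primary/secondary alternation, the packet_retries limit, the overall authentication timeout and the multihosted acceptance rule described above. It is an added example, not the VOS RADIUS server: the transport callback that models each server's reply is this example's own device, and the auth_timeout default of 60 seconds is taken from the radius_auth_server -timeout default documented later in this chapter.

```python
from dataclasses import dataclass


@dataclass
class RadiusConfig:
    packet_timeout: int      # seconds a transmission waits before failing over
    packet_retries: int      # retransmissions in addition to the first send
    multihosted: int         # 0: two distinct servers; nonzero: one server, two IPs
    primary_auth_ip: str
    secondary_auth_ip: str
    auth_timeout: int = 60   # overall per-request limit (assumed, as auth_timeout$)


def send_access_request(cfg, transport):
    """Run one Access-Request through the failover sequence.

    transport(dest_ip, attempt) models the network (an assumption of this
    example): it returns None when nothing arrives within packet_timeout, or
    (reply_from_ip, verdict) with verdict "accept" or "reject".

    Returns (outcome, trace): outcome is "accept", "reject",
    "retries_exceeded" or "auth_timeout"; trace lists (dest_ip, what_happened)
    per attempt so the alternation can be inspected.
    """
    if cfg.packet_timeout < 1:
        raise ValueError("minimum packet_timeout is 1 second")
    order = [cfg.primary_auth_ip, cfg.secondary_auth_ip]
    # packet_retries=2 allows at most 3 transmissions of this packet
    max_attempts = cfg.packet_retries + 1
    elapsed = 0
    trace = []
    for attempt in range(max_attempts):
        dest = order[attempt % 2]           # primary, secondary, primary, ...
        reply = transport(dest, attempt)
        if reply is not None:
            reply_ip, verdict = reply
            # Non-multihosted: only a reply from the address we sent to counts.
            # Multihosted: either address may answer for the single server.
            accepted_from = set(order) if cfg.multihosted else {dest}
            if reply_ip in accepted_from:
                trace.append((dest, verdict))
                return verdict, trace
            trace.append((dest, f"ignored reply from {reply_ip}"))
        else:
            trace.append((dest, "timeout"))
        # Either way the full packet timeout was spent on this attempt.
        elapsed += cfg.packet_timeout
        if elapsed >= cfg.auth_timeout:
            return "auth_timeout", trace
    return "retries_exceeded", trace
```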
primary_auth_ip
primary_auth_port
primary_auth_secret
These fields represent, respectively, the IP address, UDP port number, and shared
secret for the primary RADIUS authentication server. You must change the
Stratus-supplied values to the ones that are appropriate for your configuration.
secondary_auth_ip
secondary_auth_port
secondary_auth_secret
These fields represent, respectively, the IP address, UDP port number, and shared
secret for the secondary RADIUS authentication server. You must change the
Stratus-supplied values to those that are appropriate to your configuration.
The IP address must be specified in numeric, dotted-quad form.
The following restrictions apply:
Do not use an invalid IP address; the VOS authentication server always uses
both addresses.
If you have two distinct RADIUS servers, you must specify the IP address of
each one; one as the primary server and one as the secondary server.
If you have a single RADIUS server that can be reached by two distinct IP
addresses, you must specify the IP addresses, one as primary and one as
secondary, and you must also specify a nonzero value for the multihosted
field.
If you have a single RADIUS server that can be reached only by a single IP
address, specify the same IP address as both the primary and secondary
address and specify a nonzero value for the multihosted field.
The UDP port number is an unsigned integer that specifies the well-known
port that the RADIUS authentication service listens to.
The shared secret is a character string that specifies an identification string
that ensures the security of transactions between a client (VOS) and a
RADIUS server. You must specify the shared secret for each server. When
the server is multihosted, only the primary shared secret is used; you need
not specify a secondary shared secret; even if you do specify one, it will be
ignored. The shared secret may be any length between 1 and 128 bytes.
NOTE
Per the RADIUS specification RFC 2138, the
radius_auth_server command will display a warning
message if the length of either of the shared secrets is
*.System
*.SysAdmin
*.*
NOTE
The radius_auth_server.pm command must be run
by a process that has write permission to both queue files.
You should never give general users read or write
User Registration
This section describes user registration for the VOS RADIUS Service. Sections
include:
Valid User Names
Valid Passwords
Registering Users for RADIUS Authentication
Registering Users for VOS Authentication
NOTE
Currently, the only external authentication service
supported by Stratus is the RADIUS authentication
service.
Using the registration_admin command, you can change the registration
information, including the password type attribute, for any existing user at any time.
The change takes effect as soon as the new copy of the registration file is broadcast to
all modules in the system. You can register a new user with either password type value.
Once a user is registered to require external authentication, he or she can no longer
change their password from VOS, nor can you use the set_registration_info
command to change the password. You must use the facilities provided by the RADIUS
authentication service.
VOS obeys the instructions of the external authentication service, and either accepts
or denies access to the user accordingly. Therefore, VOS does not validate external
passwords, nor does VOS expire the password of a user registered for external
authentication. VOS never terminates the account of a user having too many
consecutive bad passwords, as VOS expects that all such administrative measures are
handled by the external authentication service.
Registering Users for VOS Authentication
When a user is registered to require external authentication, the VOS password
database (user_password.sysdb) still contains his or her VOS static password. If
you need to re-register a user to use VOS authentication, invoke the
registration_admin command and cycle the password type option to VOS.
Then, if needed, you can use the set_registration_info command to change the
VOS password.
Users who are registered to require VOS authentication are subject to the usual VOS
policies in regard to password expiration, account termination, valid passwords and so
on.
Current configuration:
    send timeout:           5
    send retries:           2
    multihosted:            1
    primary server IP:      192.168.223.214
    primary server port:    1812
    secondary server IP:    192.168.223.214
    secondary server port:  1812
Current globals:
    auth_timeout$ = 60
    log_level$ = 3
    max_sockets$ = 10
    syserr_option = 0
Operation    Initialization Failure
Administration    Accepted logout request
User Name      Password        Password Type
test_vp        test_vp         VOS
test_np        test_np1        External
test_sp        test_sp1        External
test_otp       test_otp1       External
test_sp_otp    test_sp_otp1    External
test_np_crp    test_np_crp1    External
test_sp_crp    test_sp_crp1    External
Exit from the registration_admin command and wait for the updated
registration information to broadcast to all of the modules in the system. Be sure to
check the logs for any unusual messages.
2. Register Test Users on RADIUS
Using the administrative interface (supplied by the RADIUS server vendor) to the
RADIUS server, register the following users on RADIUS with the password shown
in the RADIUS Password column and Password Type shown in the last column.
NOTES
1. The following explanation uses the terminology of the
demo tokens.
2. Do not register test_vp on the RADIUS server.
3. Use this testing facility of the RADIUS server to
ensure that the test users are properly registered and
that you know their password values.
User Name      RADIUS Password
test_np        null password        <newline>
test_sp        static password      test_sp
test_otp       one-time password    OTP
test_sp_otp    test_spOTP
test_np_crp    <newline>            [Challenge]Response
test_sp_crp    test_sp              [Challenge]Response
Test  User Name     First Password   Second Password   Expected Result on VOS   Expected Result on RADIUS
1     test_vp       badpw            NA                login incorrect          no message
2     test_np       test_np1         NA                login incorrect          bad static pw
3     test_sp       test_sp1         NA                login incorrect          bad static pw
4     test_otp      test_otp1        NA                login incorrect          bad static pw
5     test_sp_otp   test_sp_otp1     NA                login incorrect          bad static pw
6     test_np_crp   test_np_crp1     badpw             login incorrect          bad static pw
7     test_sp_crp   test_sp_crp1     badpw             login incorrect          bad static pw
8     test_vp       test_vp          NA                login                    no message
9     test_np       (null)           NA                login                    accepted
10    test_sp       test_sp          NA                login                    accepted
11    test_otp      OTP              NA                login                    accepted
12    test_sp_otp   test_spOTP       NA                login                    accepted
13    test_np_crp   (null)           CR                login                    accepted
14    test_sp_crp   test_sp          CR                login                    accepted
15    test_np_crp   (null)           badpw             login incorrect          bad response
16    test_sp_crp   test_sp          badpw             login incorrect          bad response
17    test_np_crp   (null)           Note 1            login incorrect          denial
18    test_np_crp   (null)           Note 2            login incorrect          denial
NOTES
1. Let the login command wait at the prompt for the
second password for longer than the value specified
in the -timeout control argument of the
radius_auth_server command. The default
value for this control argument is 60 seconds.
2. Let the login command wait at the prompt for the
second password for longer than the
challenge/response timeout value of the RADIUS
server. For some RADIUS servers, this is 2 minutes.
Finally, run a test in which you attempt to log in the test_np_crp user from two
different terminal sessions simultaneously. The VOS RADIUS authentication
server can handle this case, but some RADIUS servers permit this type of login,
and some do not. The following sequence of lines represents the order in which
you should perform the steps:
a. Terminal 1: login test_np_crp
b. Terminal 1: Password? (enter a newline)
c. Terminal 2: login test_np_crp
d. Terminal 2: Password? (enter a newline)
e. Terminal 1: Challenge is [XXXX], enter response:
Test  User Name     First Password   Expected Result on VOS   Expected Result on RADIUS
1     test_vp       badpw            login incorrect          no message
2     test_np       test_np1         login incorrect          bad static pw
3     test_sp       test_sp1         login incorrect          bad static pw
4     test_otp      test_otp1        login incorrect          bad static pw
5     test_sp_otp   test_sp_otp1     login incorrect          bad static pw
6     test_np_crp   test_np_crp1     login incorrect          bad static pw
7     test_sp_crp   test_sp_crp1     login incorrect          bad static pw
8     test_vp       test_vp          login                    no message
9     test_np       (null)           login                    accepted
10    test_sp       test_sp          login                    accepted
11    test_otp      OTP              login                    accepted
12    test_sp_otp   test_sp[OTP]     login                    accepted
13    test_np_crp   (null)           login incorrect          timeout
14    test_sp_crp   test_sp          login incorrect          timeout
Attribute          Description
User Name
User Password
NAS Identifier
NAS IP Address
NAS Port
You can configure the RADIUS server to accept or reject authentication requests
based on the values of these attributes. For example, you can require that
RADIUS-enabled VOS users log in from a specific module. You can prevent users
from using FTP, or you can create users that can only use FTP.
The RADIUS server responds with an Access-Accept or Access-Reject packet,
according to whether the authentication request is accepted or denied.
Access-Challenge
When a user is registered at the RADIUS server to require a challenge and response,
the RADIUS Server responds to the Access-Request packet with an Access-Challenge
packet. The Access-Challenge packet contains a Reply-Message attribute field and a
State attribute field. The VOS RADIUS Server passes the Reply-Message to its client
and waits for a response from the client. When the client replies with the
response, VOS sends a new Access-Request packet to the RADIUS Server. This new
Access-Request packet contains the same attributes as the original packet including
the State attribute, but the response to the challenge replaces the original password.
The RADIUS Server will issue one of three responses: Access-Accept, Access-Reject,
or another Access-Challenge packet.
Restrictions
Some external RADIUS authentication servers do not permit the same person to
undertake multiple, near-simultaneous challenge/response authentication requests.
For example, if a user is registered to require the use of a challenge and response, and
attempts to log in to multiple sessions at the same time, some servers will deny the
earlier authentication attempt even if the correct response is given. The solution is for
such users to complete each authentication request sequence before starting a new
request.
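The Access-Request / Access-Challenge exchange described above, the simultaneous-session behaviour noted under Restrictions, and the expected results in the test tables, as an added example that is not Stratus's code and not the VOS RADIUS authentication server's implementation: a minimal RFC 2865 packet encoder, a constructed in-memory RADIUS server, and the VOS-side client leg. The shared secret, the user registrations and the challenge answer b"CR" are constructed sample values.

```python
import hashlib
import os
import struct

# Packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24
SECRET = b"constructed-shared-secret"  # constructed sample value


def hide_password(password, authenticator, secret=SECRET):
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each with MD5(secret + prev block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, authenticator, secret=SECRET):
    """Inverse of hide_password; NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def encode(code, ident, authenticator, attrs):
    """Header (code, id, length, 16-octet authenticator) then TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def decode(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs, pos = [], 20
    while pos < length:
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, ident, packet[4:20], attrs

class ToyRadiusServer:
    """Constructed stand-in for the external server: users maps a name to
    (static password, challenge answer or None). single_session=True mimics the
    servers in the Restrictions note: a new challenge voids the user's earlier one."""

    def __init__(self, users, single_session=True):
        self.users, self.single_session = users, single_session
        self.pending = {}  # State value -> (user, expected answer)

    def reply(self, code, ident, request_auth, attrs):
        # Response Authenticator (RFC 2865 3): MD5(reply built with request auth + secret).
        auth = hashlib.md5(encode(code, ident, request_auth, attrs) + SECRET).digest()
        return encode(code, ident, auth, attrs)

    def handle(self, packet):
        _, ident, auth, attrs = decode(packet)
        a = dict(attrs)
        user = a[USER_NAME].decode()
        supplied = unhide_password(a[USER_PASSWORD], auth)
        static_pw, answer = self.users.get(user, (None, None))
        if STATE in a:  # second leg: the response rides in User-Password
            owner, expected = self.pending.pop(a[STATE], (None, None))
            ok = owner == user and supplied == expected
            return self.reply(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, auth, [])
        if static_pw is None or supplied != static_pw:
            return self.reply(ACCESS_REJECT, ident, auth, [])  # "bad static pw"
        if answer is None:
            return self.reply(ACCESS_ACCEPT, ident, auth, [])
        if self.single_session:
            self.pending = {s: v for s, v in self.pending.items() if v[0] != user}
        state = os.urandom(8)
        self.pending[state] = (user, answer)
        return self.reply(ACCESS_CHALLENGE, ident, auth,
                          [(REPLY_MESSAGE, b"Challenge is [XXXX], enter response:"), (STATE, state)])

def access_request(server, user, password, state=None):
    """One Access-Request as the VOS RADIUS authentication server sends it; on the
    challenge leg `password` is the response and `state` echoes the State attribute."""
    auth = os.urandom(16)
    attrs = [(USER_NAME, user.encode()), (USER_PASSWORD, hide_password(password, auth))]
    if state is not None:
        attrs.append((STATE, state))
    code, _, _, rattrs = decode(server.handle(encode(ACCESS_REQUEST, 1, auth, attrs)))
    return code, dict(rattrs)

def vos_login(server, user, first_password, second_password=b""):
    """A login as the test tables describe it: the second password is sent only
    when the first request is answered with an Access-Challenge."""
    code, r = access_request(server, user, first_password)
    if code == ACCESS_CHALLENGE:
        code, r = access_request(server, user, second_password, r[STATE])
    return "login" if code == ACCESS_ACCEPT else "login incorrect"

# Constructed registrations for three test users; b"CR" stands in for the token's answer.
TEST_USERS = {"test_sp": (b"test_sp", None), "test_np_crp": (b"", b"CR"),
              "test_sp_crp": (b"test_sp", b"CR")}
```

Calling access_request twice for test_np_crp before answering either reproduces the two-terminal test at the end of the section: with single_session=True the first terminal's correct response is rejected, exactly the behaviour the Restrictions note warns about.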
Chapter 6
Command Overview
This chapter documents two types of commands: administrator commands and system
process commands.
The administrator commands are given directly by system administrators. Most
registration_admin
security_admin
set_object_audit
set_password_security
set_priority
set_process_audit
set_registration_info
update_password_info
wait_for_tp_overseer
accounting_admin
Privileged
Purpose
The accounting_admin command enables or disables the logging of statistics for a
module and specifies the type of statistics to be logged.
Display Form
----------------------- accounting_admin -------------------------
module:
-disable_accounting:      no
-port_accounting:         no
-log_commands:            no
-log_files:               no
-log_proc_stats_records:  yes
-log_proc_user_records:   yes
-log_transactions:        no
Arguments
module
The module for which the accounting facility is being enabled or disabled. The
default is the current module.
-disable_accounting
Disables accounting on the specified module. When disabling accounting, do not
use this argument with any other argument as new settings are ignored. When
enabling accounting, set this argument to no to retain the other values. The default
value is no.
-port_accounting
Records statistics about the I/O traffic on each port on the designated module. The
default value is no. This argument is automatically set to yes when the
-log_files argument is set to yes. Port accounting degrades system
performance slightly.
-log_commands
Logs the start and terminate records for each command executed. The default
value is no. Command logging degrades system performance noticeably.
-log_files
Logs a file-close record whenever a file is closed. When this argument is set to
yes, the -port_accounting argument is set to yes. The default value is no. File
logging degrades system performance noticeably.
-no_log_proc_stats_records
Does not log a process statistics record whenever a process calls the subroutine
s$log_resource_usage. The default value is yes.
-no_log_proc_user_records
Does not log a process-defined record whenever a process calls the subroutine
s$log_process_record. This argument permits the creation of user-defined log
records. The default value is yes.
-log_transactions
Logs a transaction record whenever a transaction starts, commits, or aborts. The
default value is no. Transaction logging can degrade system performance
noticeably, depending on the number of transactions.
Explanation
The accounting_admin command enables or disables statistic-logging for a module.
When accounting is enabled, process statistics and user-defined log records are
logged by default. Commands, port-use records, file-use records, and transactions
may also be logged.
Examples
The following command logs the closing of any file on the current module and the
executing, committing, or canceling of any transactions on the current module. This
command disables the writing of process-defined records by the operating system.
accounting_admin -log_files -no_log_proc_user_records -log_transactions
The following command disables accounting on module m1.
accounting_admin m1 -disable_accounting
Related Information
See VOS System Administration: Administering and Customizing a System (R281) for
definitions of the types of accounting records.
audit_admin
Privileged
Purpose
This command enables or disables the auditing of events on a module, and specifies
the types of events to be audited.
Display Form
---------------------------- audit_admin ----------------------------
event:
-audit:    no
-display:  no
-format:
-module:   current_module
Arguments
event_type
Specifies the type of event to be logged. The possible values are admin,
channel, configuration, io, object, performance, print, process,
security, utility, access, all, and a blank. The default is a blank, which
does not select a type of event to be audited. The print value is reserved for
future use.
Two categories of events are classified: selectable and non-selectable (default).
Default events are logged automatically once system auditing is enabled.
Selectable events are logged at the site's discretion. All default events are logged
to the syserr_log.(date) file (even when auditing is not enabled) and all
selectable events are logged to the security_log.(date) file. See Table 5-1 in
-format format_type
Specifies the type of format that events are displayed in. The values are short,
long, and a blank. The default is a blank, designating no change.
NOTE
When the format is changed, it is changed for all default
events and any discretionary event type being audited.
-module module_name
Specifies the module whose events are to be logged. The default is the current
module.
Explanation
The audit_admin command enables the auditing of specified system events and
provides enhanced system messages about these events. This command should be
included in the module_start_up.cm file, but may be invoked at any time. There are
two classes of auditable events: default and selectable. See Table in Chapter 5,
Managing Security, for a list of the auditable events and their related commands,
subroutines and tasks.
%jk#m1>process_dir_dir>pd.01149227.Brian_Welles>_aaarkbLxa+KaWnzi.+temp
Text: Gerry_Welles.Edu given r access.
NOTE
Issuing audit_admin security -audit -format
short is equivalent to issuing security_admin on.
To audit all events on %bos#m1 and display the events in a long format, enter the
following command while logged in to %bos#m1:
audit_admin all -audit -format long
tail_file >system>syserr_log.(date)
09:17:37 audit event admin: all event logging changed from OFF to ON.
09:17:56 link 0100 i 31 10540 02 00000011 00000000 controller status
         SYSERR {0114201B Overseer.System}
09:17:59 link 0100 i 31 10540 02 00000011 00000000 controller status
         SYSERR {01142015 Overseer.System}
09:18:08 Process 011421EC, Tony_Pella.Doc (edit), created.
         PROCESS SUCCESS {011421E7 Tony_Pella.Doc}
09:18:13 Process 011421EC, Tony_Pella.Doc (edit), terminated.
         PROCESS SUCCESS {0114201B Overseer.System}
09:18:17 Process 011421ED, Mora_Hebert.Comm (13/lock), created.
To disable the auditing of all events on %bos#m1, enter the following command while
logged in to %bos#m1:
audit_admin all -format short
Related Information
See Chapter 5, Managing Security, and the documentation for the
set_object_audit and set_process_audit commands in this chapter.
configure_commands
Purpose
The configure_commands command modifies the assignment of access lists for a
specified set of internal commands.
Display Form
--------------------------- configure_commands ------------------------
commands_table: (master_disk)>system>internal_commands.table
Arguments
internal_commands_table_path_name
The path name to the table file containing a list of internal commands and their
associated access lists. The default value for this argument is
(master_disk)>system>internal_commands.table.
Explanation
The configure_commands command updates the assignment of access lists for
internal commands. Each specified command has its access determined by its
associated internal command access list. Any unspecified commands are associated
with the >system>acl>system_default access list by default. Each new access
list uses the same access as the system_default file.
The give_access and related access commands set access on the internal
command access lists, which, in turn, set the access for the associated commands. If
you do not supply a value for the access_list_name field, VOS creates the empty
access list file in (master_disk)>system>acl, giving the access list the name of
the internal command.
Execution of this command does not affect any existing internal command access lists.
If a command listed in the internal_commands.tin file has become obsolete,
delete the command name record from the file and follow the first procedure described
in the example section for updating the internal_commands.tin file. To keep the
internal_commands.table file in force across bootloads, add this command to the
module_start_up.cm file.
In addition to enabling access for internal commands, this command provides an
alternate method for enabling the auditing of internal commands. See the Examples
section for this procedure.
Examples
The following procedure assigns the access list display_acl to the command
display, enables auditing on the command, and sets internal access for that
command.
1. Edit the
(master_disk)>system>configuration>internal_commands.tin file
and, to make the command auditable, add the following lines:
/=name     =access_list_name     =audit
display    display_acl           1
2. create_table internal_commands
3. copy_file internal_commands.table (master_disk)>system>internal_commands.table
4. configure_commands
This command creates the access list display_acl in >system>acl.
5. Change to the (master_disk)>system>acl directory. Set access on the
access list file display_acl, corresponding to the access desired for the
display command.
6. set_object_audit -internal_command display on
7. audit_admin object -audit
To assign the system default access list to the command move_file, edit the
(master_disk)>system>internal_commands.tin file and add the following
lines:
/=name       =access_list_name
move_file    system_default
To assign the access list rename to the command rename, add the following line to
the internal_commands.tin file:
/=name
rename
Related Information
See Setting and Displaying Access to Internal Commands in Chapter 3 for more
information about setting access on internal commands and the set_object_audit
command in this chapter for information on auditing internal commands.
create_user_sysdbs
Purpose
This command creates the files and links needed to access the password and
registration databases to verify user names and passwords as users attempt to log in
to the system.
Invoke this command only once in the lifetime of a module, unless the master module
(defined in the master_module argument description) is changed.
Display Form
-------------------------- create_user_sysdbs -------------------------
master_module:
module:
Arguments
master_module
Required
The module designated to broadcast registration changes to the other modules in
the system.
module_name
Required
The module to receive the registration changes from the master module.
Explanation
Give this command once for every module in the system. For example, in a system with
three modules, give this command three times and in one of the commands, specify
the master module in both arguments. In a single module system, give this command
once, giving the module name in both arguments.
When a user changes his or her password with the -change_password option of the
login command, the operating system first updates the user's password information
on the master module, and then broadcasts the change to every other module.
The files created by this command are:
change_password.sysdb, created in the directory >system>configuration
on the master module, the directory >system on the master module, and the
directory >system on the module named in the module argument.
user_registration.sysdb, created in the directory
Examples
These commands create password files, registration files, and links on all of the
modules in a system.
create_user_sysdbs m1 m1
create_user_sysdbs m1 m2
create_user_sysdbs m1 m3
create_user_sysdbs m1 m4
Related Information
See Chapter 4, Registering Users, and the commands registration_admin and
set_registration_info.
display_registration_info
Privileged
Purpose
This command displays all of the VOS registration information for a user.
Display Form
----------------------- display_registration_info -------------------
user_name:
-module:
Arguments
user_name user_name
Required
Specify the name of the user whose registration information should be displayed.
-module module_name
Specify the module name of the user registration database that should be used.
Explanation
This command displays all of the VOS registration information for a user. Some fields
are ignored for users who are registered for external authentication; this command
displays these fields as ignored or irrelevant.
Examples
The following example shows the output for a user who is registered to require external
authentication.
display_registration_info JoeStratus
Registration information for JoeStratus:
Account status             : active
Password type              : external
No password change         : forced true
Permanent password         : ignored
Must change password       : ignored
Min password length        : irrelevant
Date of last password chg  : irrelevant
Max bad login attempts     : irrelevant
Number bad login attempts  : irrelevant
Valid password expires     : irrelevant
Password grace time        : irrelevant
Password format            : irrelevant
Privileged                 : true
Default Privileged         : true
Must Have Start Up Program : false
Must Use Subsystem         : false
No Home Dir Change         : false
Priority                   : 5
Max Priority               : 7
Max Processes              : 0
Home Dir                   : %ab#lang>Languages>Joe
Group (1)                  : Stratus
Group (2)                  : Languages
Group (3)                  : SysAdmin
Group (4)                  :
Group (5)                  :
Subsystem (1)              :
Subsystem (2)              :
Subsystem (3)              :
Language                   :
UID                        : 385
GID (1)                    : 172
GID (2)                    : 134
GID (3)                    : 2
GID (4)                    : -1
GID (5)                    : -1
The following example shows the output for a user who is registered to require VOS
authentication.
display_registration_info LisaStratus
Registration information for LisaStratus:
Account status             : active
Password type              : VOS
No password change         : false
Permanent password         : false
Must change password       : false
Min password length        : 1
Date of last password chg  : 01-03-25
Max bad login attempts     : 0
Number bad login attempts  : 0
Valid password expires     : never
Password grace time        : 0
Password format            : any
Privileged                 : true
Default Privileged         : true
Must Have Start Up Program : false
Must Use Subsystem         : false
No Home Dir Change         : false
Priority                   : 5
Max Priority               : 7
Max Processes              : 0
Home Dir                   : %ab#lang>Languages>Lisa
Group (1)                  : Stratus
Group (2)                  : Languages
Group (3)                  : SysAdmin
Group (4)                  :
Group (5)                  :
Subsystem (1)              :
Subsystem (2)              :
Subsystem (3)              :
Language                   :
UID                        : 386
GID (1)                    : 172
GID (2)                    : 134
GID (3)                    : 2
GID (4)                    : -1
GID (5)                    : -1
log_registered_users
Privileged
Purpose
This command enables sites to register new users with either the
create_registration_table command or the registration_admin
command.
Display Form
------------------------- log_registered_users ------------------------
No arguments required. Press ENTER to continue.
Explanation
The log_registered_users command provides registration file compatibility for
sites that use both the registration_admin and the
create_registration_table commands. The log_registered_users
command extracts all user data from user_registration.sysdb and re-creates a
registration_file.tin file in the directory
master_module>system>configuration. The file contains entries, including the
value of the external_authentication attribute, for all users registered with either
the create_registration_table command or the registration_admin
command.
When the log_registered_users command re-creates the
registration_file.tin file, it restricts access so that only members of the
SysAdmin group can modify it. Users not in that group need to get access to the file
before they can modify it. After editing the file, update the registration database using
the create_registration_table command.
No password data is written to the registration_file.tin file. Passwords are
stored in the change_password.sysdb databases. The log_registered_users
command updates change_password.sysdb in
master_module>system>configuration.
Related Information
See Chapter 4, Registering Users.
login_admin
Privileged
Purpose
The login_admin command sets login parameters for a module for the current
bootload.
Display Form
---------------------------- login_admin ---------------------------
max_logins:                 1023
-module:                    current_module
-password:
-restrict:
-unrestrict:
-list_restricted:           no
-delay_prelogins:           yes
-password_exp_time:         0
-min_password_len:          1
-max_access_attempts:       0
-max_bad_logins:            0
-subproc_logout_message:    no
-password_grace_time:       0
-password_format:           any
-terminal_as_process_name:  no
Arguments
NOTE
The values displayed by this command are the same as
the values set by the login_admin command in the
module_start_up.cm file or by the most recent
invocation of the command.
max_logins
Specifies the maximum number of users who can be logged in to the module. The
value for max_logins can be any number from 1 to 1023. The initial default value
is 1023.
-module module_name
Specifies the module whose login parameters are being set. The initial default
value is the current module.
-password special_password
Prompts users for a special-session password. Only users who supply
special_password in response to the prompt are logged in to the module. This
argument permits the creation of a special session to which only administrative
or test personnel can log in.
-restrict user_name
Adds a user name or user star name to the restricted users list. This user is
restricted from logging in to the module directly (but not through a subprocess). Do
not give this argument and the -unrestrict argument simultaneously. If you
omit both this argument and the -unrestrict argument, the current restricted
users list does not change. To display the restricted users list, invoke the
-list_restricted argument.
-unrestrict user_name
Removes a user name or user star name from the restricted users list. This user is
no longer restricted from logging in to the module. Do not give this argument and
the -restrict argument simultaneously. If you omit both this argument and the
-restrict argument, the current restricted users list does not change. To display
the restricted users list, invoke the -list_restricted argument.
-list_restricted
Displays the restricted users list. The initial default value is no.
-no_delay_prelogins
Does not check for processes attached to terminals connected to the module every
30 seconds and does not prevent the starting of a pre-login process for any
terminal until no other process is attached to that terminal. The initial default value
is yes. If this argument is set in the module_start_up.cm file, the displayed
value is the same as the value set in the module_start_up.cm file.
A pre-login process is a process that the Overseer starts for a terminal for which
login processes are enabled.
-password_exp_time days
Specifies how many days a password remains valid. A nonzero value for
password_expiration_time sets the number of days a password remains
valid. A value of 0 turns off the expiration check so that there is no limit on how long
a password remains valid. The initial default value is 0. If this argument is set in the
module_start_up.cm file, the displayed value is the same as the value set in
the module_start_up.cm file. Note, this argument only applies to users
registered with VOS passwords.
When you specify a nonzero value, the login_admin command displays the following
message upon login:
WARNING: All users who have not changed their passwords
since date/time will not be able to log in.
The date/time shown in the message is the most recent date and time that a user
would have had to change his or her password in order for it to remain valid. This
helps to remind users to change their passwords regularly.
For example, if on June 30, the system administrator specifies 7 as the number of
days a password is valid, the login_admin command would display this
message:
WARNING: All users who have not changed their passwords
since 94-06-23 11:05:15 EDT will not be able to log in.
Users who had not changed their passwords in the last seven days would be
unable to log in. This argument should be used with the
-password_grace_time argument, to control the grace period before users lose
their account privileges.
-min_password_len minimum_password_length
Specifies the minimum number of characters that can comprise a password. This
field is checked only when the user specifies -change_password at login. The
value of minimum_password_length can be any number from 1 to 32. Note, this
argument only applies to users registered with VOS passwords. The initial default
value is 1.
-max_access_attempts maximum_access_attempts
Specifies the maximum number of consecutive unsuccessful login attempts that
can be made on a terminal. When the maximum is reached, the Overseer briefly
disconnects the terminal. A nonzero value for maximum_access_attempts
restricts the number of attempts to the specified number. A value of 0 turns off the
checking for login violations for each pre-login process. The initial default value is
0.
-max_bad_logins maximum_bad_logins
Specifies the number of consecutive login failures a user can have before his or
her account is terminated. A nonzero value for maximum_bad_logins terminates
the user's account after the specified number of consecutive login failures. A value
of 0 turns off the checking for login violations for each user account. Note, this
argument only applies to users registered with VOS passwords. The initial default
value is 0.
-subproc_logout_message
Sends a message to any user logged into a subprocess, that the process is a
subprocess. The initial default value is no. The operating system displays the
message once every five minutes.
-password_grace_time days
Specifies the number of days a user has, after the password expiration time has
been exceeded, to change his or her password. During this grace time period, the
user must change his or her password the first time he or she attempts to log in.
Use this argument only when the value given in the argument
-password_exp_time is a nonzero value (since a 0 value in that argument
means that the system does not check whether passwords have expired). Note,
this argument only applies to users registered with VOS passwords. The initial
default value is 0.
-password_format password_format
Specifies the format in which a user must specify a new password. The allowed
values are any, which accepts a password in any format, and two_words, which
requires that a password consist of two words separated by a punctuation mark.
Note, this argument only applies to users registered with VOS passwords. The
initial default value is any.
-terminal_as_process_name
Specifies that a login process use as its process name the device name of the
terminal from which the process was started. The initial default value is no, which
means the value login is used instead of the terminal name.
Explanation
The login_admin command sets login parameters for a module for the current
bootload only. When the module is rebooted, the following parameters revert to their
initial default values:
Argument                    Initial default value
max_logins                  1023
-module                     current_module
-password                   Not set
-restrict                   Not set
-unrestrict                 Not set
-list_restricted            no
-delay_prelogins            yes
-password_exp_time          0
-min_password_len           1
-max_access_attempts        0
-max_bad_logins             0
-subproc_logout_message     no
-password_grace_time        0
-password_format            any
-terminal_as_process_name   login
-max_bad_logins argument
does not change his or her password for a period exceeding the combined number
In the following circumstances, operating system messages and prompts are issued
automatically to inform a user about password expiration and account termination.
If the time since a user's last password change is within seven days of exceeding
The user is then prompted for a new password. If the user attempts to bypass the
prompt by pressing the RETURN key, the warning message appears again. If the
user attempts to bypass the prompt a second time, the account is terminated.
If the user's account has been terminated for exceeding the password expiration
and password grace times or for exceeding the maximum number of consecutive
unsuccessful login attempts, the user receives the message:
User account has been terminated
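The password expiration, grace period and consecutive-failure rules described for login_admin above, as an added example that is not Stratus's code and not the Overseer's implementation. It assumes a seven-day warning window (WARN_WINDOW_DAYS, taken from the "within seven days" sentence above), reads the two-bypass rule as applying to the forced change during the grace period, and uses naive datetimes, so the zone shown in the real WARNING message is omitted; the policy values and users are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

WARN_WINDOW_DAYS = 7  # assumption: the "within seven days" window mentioned above


@dataclass
class LoginPolicy:
    """The login_admin arguments that drive these rules (initial defaults are 0)."""
    password_exp_time: int = 0    # days a password stays valid; 0 disables the check
    password_grace_time: int = 0  # days after expiry in which the user must change it
    max_bad_logins: int = 0       # consecutive failures that terminate an account; 0 disables

    def cutoff(self, now):
        """Latest last-change time that still leaves a password valid now."""
        return now - timedelta(days=self.password_exp_time)

    def warning_message(self, now):
        """The WARNING login_admin prints for a nonzero -password_exp_time
        (assumption: no time zone, since naive datetimes are used here)."""
        if self.password_exp_time == 0:
            return None
        return ("WARNING: All users who have not changed their passwords since "
                + self.cutoff(now).strftime("%y-%m-%d %H:%M:%S")
                + " will not be able to log in.")


@dataclass
class VosUser:
    name: str
    password_type: str  # "VOS" or "external"; only VOS users are subject to the rules
    last_password_change: datetime
    bad_login_attempts: int = 0


def password_state(policy, user, now):
    """'valid', 'warn' (valid but within WARN_WINDOW_DAYS of expiring), 'grace'
    (expired; must change at this login) or 'terminated' (expiry + grace exceeded)."""
    if user.password_type != "VOS" or policy.password_exp_time == 0:
        return "valid"  # external users and a 0 expiration time are never checked
    age = (now - user.last_password_change).days
    if age > policy.password_exp_time + policy.password_grace_time:
        return "terminated"
    if age > policy.password_exp_time:
        return "grace"
    if age > policy.password_exp_time - WARN_WINDOW_DAYS:
        return "warn"
    return "valid"


def login_attempt(policy, user, now, password_ok, new_password_responses=()):
    """Outcome of one login. new_password_responses is what the user types at the
    new-password prompt during the grace period; "" is a bare RETURN, and two
    bypasses terminate the account (assumption: the bypass rule above is read as
    applying to the forced change in the grace period)."""
    if not password_ok:
        user.bad_login_attempts += 1
    if (user.password_type == "VOS" and policy.max_bad_logins
            and user.bad_login_attempts >= policy.max_bad_logins):
        return "User account has been terminated"
    if not password_ok:
        return "login incorrect"
    user.bad_login_attempts = 0
    state = password_state(policy, user, now)
    if state == "terminated":
        return "User account has been terminated"
    if state == "grace":
        for typed in list(new_password_responses)[:2]:
            if typed:  # a real new password ends the grace period
                user.last_password_change = now
                return "login"
        return "User account has been terminated"
    return "login"  # "valid" or "warn": the login proceeds
```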
Examples
The following command establishes the password test as a special-session
password required for users to log in to the current module and prevents all users in
the group Sales from having access to the module.
login_admin -password test -restrict *.Sales
The following command removes the special-session password requirement for users
on the current module.
login_admin -password
The following command limits the number of users who can be logged in on module m6
to 30.
login_admin 30 -module m6
The following command displays the restricted users list for module %wa#m4.
login_admin -module %wa#m4 -list_restricted
The restricted users are:
Install.*
*.ca
Pat_OBrien.*
Related Information
See Chapter 4, Registering Users, and the command set_registration_info.
logout_admin
Privileged
Purpose
The logout_admin command logs out inactive login processes after a specified
number of minutes.
Display Form
----------------------------- logout_admin ----------------------------
-overseer_module:    current_module
-inactive_logout:    none
-dialup_grace_time:  15
-direct_grace_time:  120
Arguments
NOTE
The values displayed by this command are the same as
the values set by the logout_admin command in the
module_start_up.cm file or by the most recent
invocation of the command.
-overseer_module module_name
The module whose inactive processes will be logged out. The initial default is the
current module.
-inactive_logout process_type
Specifies the types of processes that will be logged out. The values are none,
dialup, and all. With the all value, processes running over both dialup and
direct lines will be logged out. The initial default value is none.
-dialup_grace_time minutes
Specifies the number of minutes that a process operating over a dialup line can be
inactive before the operating system logs it out. The initial default value is 15 and
the minimum value is 2. This argument has no effect unless all or dialup is
given for the -inactive_logout argument.
-direct_grace_time minutes
Specifies the number of minutes that a process operating over a direct line can be
inactive before the operating system logs it out. The initial default value is 120 and
the minimum value is 2. This argument has no effect unless all is given for the
-inactive_logout argument.
Explanation
This command enables inactivity logout. The values specified are in force for the
current bootload only. After a module reboot, the following parameters revert to their
initial default values:
Argument               Initial default
-overseer_module       current_module
-inactive_logout       none
-dialup_grace_time     15
-direct_grace_time     120
Examples
The following command causes any process operating over a dialup line to be
logged out after it has been inactive for 22 minutes (20 minutes of grace time,
followed by a warning message and another 2 minutes).
logout_admin -inactive_logout dialup -dialup_grace_time 20
Related Information
See VOS System Administration: Configuring a System (R287) for information about
configuring devices and the dialup value.
notify_security_violation
Purpose
The notify_security_violation command either starts or stops the notification
of security violations to a specified terminal. When notification is enabled for a terminal,
the operating system displays a message on that terminal whenever an entry is written
to the security_log.(date) file of a module.
Display Form
---------------------- notify_security_violation ----------------------
terminal:
-module:
-off:                 no
Arguments
terminal
The name of the terminal to which notification is to be started or stopped. The
default value is the terminal of the current process. The name of the terminal must
be preceded by the pound sign (#).
If you do not give a value for this argument, notification to the terminal running the
current process stops when that process logs out. If you do give a value,
notification to the named terminal continues even after the current process logs
out, until notification is explicitly stopped with the -off argument.
-module module_name
The name of the module whose security violations are to be signaled, or are no
longer to be signaled, to the specified terminal. The default is the current module.
-off
CYCLE
Disables notification to the specified terminal. The default is no, which enables
notification.
Explanation
Notification consists of a message displayed on the status line of the specified terminal
indicating that an entry was written to the file security_log.(date). The text of the
entry is not displayed.
A terminal receives notifications either until the process controlling that terminal is
logged out (if no value was given for the terminal argument) or until the terminal
named in the terminal argument is named in a subsequent
notify_security_violation command with the -off argument.
Examples
The following command stops notification of security violations on the current
module to terminal term.12.2.
notify_security_violation #term.12.2 -off
Related Information
See Chapter 5, Managing Security.

radius_admin
Privileged
Purpose
The radius_admin command reconfigures, logs out, or displays the statistics of
the VOS RADIUS Server process.
Display Form
------------------------------- radius_admin ---------------------------
request:              reconfigure
-module:              current_module
Arguments
request
The request to send to the VOS RADIUS Server. The values are reconfigure,
logout, and statistics; each is described under Explanation. The default value
is reconfigure.
-module module_name
Specifies the module on which the request is to take place. The default value is the
current module.
Explanation
When the reconfigure value is specified, the VOS RADIUS server re-reads the
RADIUS configuration file. If any of the network configuration information changes for
either the primary or secondary server (such as IP address, socket number, or shared
secret), the VOS RADIUS Server denies all pending authentication requests. If the
network configuration has not changed, only the values for packet_timeout,
packet_retries, and multihosted are changed. It then switches to the new
configuration information and starts accepting new requests.
When the logout value is specified, the VOS RADIUS Server stops accepting new
requests, waits for existing requests to complete, and then terminates.
When the statistics value is specified, this command requests statistics from the VOS
RADIUS Server and displays them.
The following command requires write permission on the server queue:
(master_disk)>system>queues>ext_auth>ext_chal.1.server_queue
radius_auth_server
Privileged
Purpose
This command accepts requests over a server queue and communicates with an
external RADIUS authentication service to authenticate a user name and password.
Display Form
---------------------------- radius_auth_server ----------------------------
-log:                 basic
-max_sockets:         10
-timeout:             60
-syserr:              no
Arguments
-log name
CYCLE
Specifies the type of logging the command should perform. The possible values are
basic, major, detail, and debug. The basic name specifies messages that report
startup, shutdown, and administrative actions. The major name specifies messages
that include basic messages plus all denials of authentication requests. The detail
name specifies all major messages plus all acceptances and challenges of
authentication requests. The debug name is for use by Stratus Customer Assistance
Center (CAC) and Engineering personnel. The default is basic.
-max_sockets number
Specifies the maximum number of UDP sockets the command uses while processing
authentication requests. The number can range from 10 to 500. If more authentication
requests arrive than can be processed using the defined maximum number of sockets,
the requests wait until sockets become available.
If the primary and secondary IP addresses are identical, each authentication request
requires one UDP socket. Otherwise, it requires two UDP sockets. The default is 10.
-timeout seconds
Specifies the number of seconds the command waits for an authentication request to
complete (either by the external RADIUS authentication service or by the user who is
being challenged). The time can range from 1 to 600 seconds. Requests that take
longer than this time are denied. The default is 60 seconds.
-syserr
CYCLE
Specifies that log messages should be written to the syserr_log.(date) in
addition to writing to terminal output. The default is to write messages to only the
terminal output.
Explanation
The radius_auth_server command is a VOS server process that accepts user
authentication requests over VOS server queues, passes them to an external RADIUS
authentication service, and replies to the request with the result obtained from the
external service.
You must run only one copy of this command at a time. You must run this command
on each module of a system that has users who are registered to require the use of
external authentication.
The radius_admin command can be used to force this command to re-read its
configuration file, and can be used to log out this command cleanly (between
authentication requests, instead of in the midst of processing requests, as it would if
the stop_process command was used).
If radius_auth_server is not running, no users who are registered to require
external authentication will be able to log in or use the FTP daemon. Stratus supports
two different FTP daemons. Only the STREAMS FTP daemon implements support for
users registered to use external authentication. The older OS TCP/IP FTP daemon
ignores this attribute.
This command is a part of VOS RADIUS Support (S268) and is present on a module
when this product is purchased. When VOS RADIUS Support is purchased, this
command is started up automatically by commands in module_start_up.cm. The
command may be restarted by a system administrator who has the proper access to
the configuration file and server queues.
This command relies on the STREAMS TCP product set; the IP address of the RADIUS
servers must be accessible via an Ethernet adapter that is configured to use a
STREAMS TCP driver. This command will not work if the only route to the external
RADIUS servers is via the OS TCP/IP product set.
Note that the radius_auth_server command requires read permissions to the
configuration file (master_disk)>system>queues>ext_auth>radius.table
and write permission to the server queues:
(master_disk)>system>queues>ext_auth>ext_auth.server_queue
(master_disk)>system>queues>ext_auth>ext_chal.1.server_queue
Related Information
radius_admin
registration_admin
display_registration_info
registration_admin
Privileged
Purpose
The registration_admin command is used to add users, delete users, change
information about users, or list registered users.
Display Form
-------------------------- registration_admin --------------------------
action:                      command_menu
-registration_database:      path_name
-registration_table:         table_name
-broadcast:                  yes
Arguments
action
CYCLE
The action to perform on the registration and password databases. The allowed
values are command_menu, add_user, add_posix_ids, list_posix_ids,
update_user_info, delete_user, list_registered_users, and
process_table. The default value is command_menu. A brief description of
these actions follows.
command_menu
Displays a command menu from which you can select any of the following actions:
add_user, update_user_info, delete_user or
list_registered_users.
add_user
Displays the ADD NEW USER screens, which are used to add a new user to the
system.
add_posix_ids
Adds user IDs and group IDs for all existing users in the VOS registration database.
list_posix_ids
Displays a list of all registered user names and group names along with the
corresponding numeric user IDs and group IDs.
NOTES
1. Various functions in POSIX.1 require that POSIX IDs
be present in the user registration database.
2. You should invoke the registration_admin
command with the add_posix_ids value as soon
as the module is brought up, even if you are not
planning to run any POSIX applications. This is
necessary because certain applications shipped with
VOS are POSIX applications.
update_user_info
Displays the UPDATE USER INFO screens, which are used to modify information
about a user in the system. The second UPDATE USER INFO screen is the same
as the first ADD NEW USER screen.
delete_user
Displays the DELETE USER screen, which is used to delete a user from the system.
process_table
Batch-processes user information contained in the table file specified in
the -registration_table argument. Note that you cannot choose the
process_table action from the command menu. See the section Processing
Additions and Deletions as a Batch later in this command description for
information on registration tables.
These actions are described in more detail later in this command description.
When the action selected has completed successfully, the command menu is
redisplayed. Many different registration_admin actions can be made during
one execution of the registration_admin command.
-registration_database path_name
Specifies the database to be updated. The default is the target of the link
master_module>system>configuration>user_registration.sysdb
on the master module.
The master module is designated by the create_user_sysdbs command. The
registration database is stored on the master module and is broadcast to the other
modules in the system when registration changes are made.
When a value is not entered for this argument, the registration_admin
command first looks for a link named master_password.sysdb in the >system
directory. If the link is missing, the operating system returns an error message.
-registration_table table_name
Specifies the table file to be processed. It contains information about users whose
records are to be added to or deleted from the registration tables. This argument is
meaningful only when the process_table action is selected.
If you select the process_table action and leave this value blank, the
registration_admin command looks for the file
master_module>system>configuration>registration_admin.table
and, if successful, processes that table. If unsuccessful, it returns an error
message.
-no_broadcast
CYCLE
Suppresses the broadcast of the updated versions of the databases
user_registration.sysdb and change_password.sysdb to the directory
>system on all modules in the system. The default is -broadcast (displayed as
yes), which means the files are broadcast.
Explanation
The registration_admin command updates the files
user_registration.sysdb and change_password.sysdb and displays
information about registered users. Use this command only if the registration
databases user_registration.sysdb and change_password.sysdb have
already been created. If they have not been created before the command is issued,
VOS displays an error message. See the create_user_sysdbs command if these
databases have not yet been created.
Before modifying the databases, VOS copies the registration and password databases
to user_registration.sysdb.backup and change_password.sysdb.backup. If an
error is encountered during execution of registration_admin, VOS renames the
databases being modified to user_registration.sysdb.error and
change_password.sysdb.error and renames the backup databases back to
user_registration.sysdb and change_password.sysdb. This ensures that valid
databases are always accessible by the commands that open them, and that the
databases in error are available for examination.
NOTE
The registration databases are not updated until you have
exited the command.
The registration_admin command provides a menu of actions to select from, or
you can specify an action directly when you give the command. If you omit the action
argument or select the command_menu value, a menu is displayed.
Use the command menu to perform multiple actions. If you choose an action from the
command menu, VOS returns you to the menu when that action is completed, letting
you select another action to perform without reissuing the registration_admin
command.
Stratus recommends that you add both root and nobody as users and add root and
nobody as groups to the registration database. The user name root should be
registered in the group root, and the user name nobody should be registered in the
group nobody. This is necessary because some of the system processes may run as
root, and some applications may require the presence of the user name nobody.
Note, however, that the kernel disables login for both root and nobody.
To initiate automatic creation of the home directory, press the ENTER key after
modifying both ADD NEW USER screens.
The ADD NEW USER screens follow.
NOTE
The key sequences that appear on your terminal are
dependent upon the type of terminal you are using.
REGISTRATION ADMIN

Name:          ______________________________
Alias:         ______________________________
Password:      ______________________________
Groups:        ______________________________  ______________________________
               ______________________________  ______________________________
               ______________________________
Subsystems:    ____________________  ____________________  ____________________
Home Dir:      ________________________________________________________________
Language:      ______________________________

ENTER: Continue    Shift-Funct 0: Display Menu    Shift-F7: Cancel Screen
registration_admin
REGISTRATION ADMIN

Privileged:                   ____
Default Privileged:           ____
Password Type:                ____
No Password Change:           ____
Permanent Password:           ____
Must Have Start Up Program:   ____
Must Use Subsystem:           ____
No Home Dir Change:           ____
Priority:                     ____
Max Priority:                 ____
Max Processes:                ____
Default Module:               ______________________________

ENTER: Register User, Create Home Dir    F15: Register User, Do Not Create Home Dir
Shift-Funct 0: Display Menu              Shift-F7: Cancel Screen
NOTE
If the new password contains certain punctuation marks
that the operating system recognizes as delimiters (such
as !, (, ), , ;, or &), a user may not be able to log in by
giving the password on the command line form. A
password containing delimiters can be accepted if a user
issues it after VOS displays the Password? prompt.
Groups
Required
One or more groups in which the user is to be registered. The user must be
registered in at least one group. The group name, which must be unique within the
system, is case insensitive. Note, however, that the group name supplied at login
is case sensitive.
The first Groups field is required and is the user's default group: if the user is
registered in more than one group and logs in without a group name, the operating
system automatically logs the user into the group named in the first Groups field.
Note that if you need to create a new group, you must first create a new group
directory.
Subsystems
The subsystems that the user is allowed to enter. Normally, a user enters a
subsystem with the -subsystem argument to the login command. However, if
the Must Use Subsystem value is yes, the operating system logs the user
directly into the subsystem named in the first Subsystems field.
For each subsystem named, the user must have a startup command macro that
will place him or her into that subsystem. The name of the command macro must
be subsystem_name_start_up.cm.
Home Dir
The path name of the user's home directory. Enter a path name in this field to
specify a home directory other than the default home directory. Specify any of the
following:
a full path name
a path name containing the (master_disk) command function
a partial path name of the form >group_name>person_name
the null string
files it contains
copies the standard abbreviations and start_up.cm files from the
No Password Change
Restricts the user from changing a password with the login command. The
default is no.
Permanent Password
Prevents the user's password from expiring. The password expiration time can be
set with the login_admin command. The default is no.
Must Have Start Up Program
Requires a start_up.cm file in the user's home directory before the user can log
in. The default is no.
Must Use Subsystem
Limits the user to the subsystems named in the Subsystems fields. If the user logs
in without specifying a subsystem in the -subsystem argument of the login
command, the operating system automatically places his or her process in the
subsystem named in the first Subsystems field. The default is no.
No Home Dir Change
Restricts the user from specifying another home directory by using the login
command's -home_dir argument. The user may only use the default home
directory as a home directory. If the user's registration record contains a home
directory path name, the operating system uses that value; otherwise, it creates the
default home directory path name from the user's default module name, login
group name, and person name. If the user tries to give an unacceptable path name,
the operating system denies the user access. The default is no.
Priority
The priority that this user's processes have by default. The range is from 0
through 9 (lowest through highest). For most users, assign priorities 3, 4, 5, or 6.
See VOS System Administration: Administering and Customizing a System (R281)
for information about the meaning of the priority levels. The default value is 0, the
lowest priority.
Max Priority
The maximum priority this user can request. The range is from 0 through 9 (lowest
through highest). The default value is 0, the lowest priority. Privileged users can
explicitly set a process to run at a higher priority level.
Max Processes
A value between 0 and 255 that represents the maximum number of processes,
excluding batch processes, that the user can create at one time on a module.
Regardless of this value, the absolute maximum number of processes that one user
can create is 1023. A value of 0 (the default) indicates that the user can create any
number of processes.
Default Module
The name of a module. This value is used to create the default home directory path
name. Refer to the description of the Home Dir field for more information.
REGISTRATION ADMIN

Name:          ______________________________

ENTER: Retrieve User Records    Shift-Funct 0: Display Menu    Shift-F7: Cancel Screen
Type the user's name and press the ENTER key to access the UPDATE USER INFO
screens. All the fields in the second UPDATE USER INFO screen are the same as the
fields in the first ADD NEW USER screen; see the documentation for that screen earlier
in this section. The third UPDATE USER INFO screen has the same fields as the
second ADD NEW USER screen but includes two additional fields, Account Status
and Number Login Violations.
NOTE
The key sequences that appear on your terminal are
dependent upon the type of terminal you are using.
REGISTRATION ADMIN

Privileged:                   ____
Default Privileged:           ____
No Password Change:           ____
Permanent Password:           ____
Must Have Start Up Program:   ____
Must Use Subsystem:           ____
No Home Dir Change:           ____
Priority:                     0
Max Priority:                 0
Max Processes:                0
Account Status:               Terminated: no
Number Login Violations:      ____

ENTER: Enter New Data    Shift-Funct 0: Display Menu    Shift-F7: Cancel Screen
REGISTRATION ADMIN

Name:          ______________________________

ENTER: Delete User Records    Shift-Funct 0: Display Menu    Shift-F7: Cancel Screen
After entering the user's name and pressing the ENTER key, the following prompt
appears.
Do you really wish to delete user_name?
(yes, no)
Type yes to delete the record and redisplay the command menu. Type no to cancel
record deletion and to redisplay the command menu.
After deleting a user's registration record, delete the user's home directory and all
links associated with that user; these activities are not handled automatically.
person no_duplicates;
alias no_duplicates null_keys;
fields:
    version
    action
    person
    alias
    password
    group1                                 /*required-add*/
    group2                char (32) var,
    group3                char (32) var,
    group4                char (32) var,
    group5                char (32) var,
    home_dir              char (256) var,
    subsystem1            char (20) var,
    subsystem2            char (20) var,
    subsystem3            char (20) var,
    language              char (32) var,
    priv_classes          char (256) var,
    privileged            bit (1),
    default_privileged    bit (1),
    no_password_change    bit (1),
    permanent_password    bit (1),
    must_have_start_up    bit (1),
    must_use_subsystem    bit (1),
    no_home_dir_change    bit (1),
    register_for_usf      bit (1),
    create_home_dir       bit (1),         /*add_new_user only*/
    priority              fixed bin (15),
    max_priority          fixed bin (15),
    max_procs             fixed bin (15),
    default_module        char (66) var,   /*add_new_user*/
end;
The action field is described in the instructions at the beginning of this file. Its
value can be either add or delete. The create_home_dir field specifies whether the
command creates the user's home directory automatically, as described previously in
the Home Dir field description. All other fields correspond to fields on the ADD NEW
USER form and are described earlier in this section. When adding a user record,
include all pertinent field values; when deleting a user record, include only the
action and person values. Because the password field holds each new user's
password in clear text, restrict access to the table file and delete it once it has been
processed.
=action               add
=person               R_Smith
=alias                rs
=password             tomato
=group1               Sales
=group2               Marketing
=subsystem1
=home_dir             %s1#m6>Sales>Smith
=language             us_english
=privileged           1
=default_privileged   1
=create_home_dir      1
=priority             5
=max_priority         6
=max_procs            0

=action               add
=person               T_Jones
=alias                tj
=password             pepper
=group1               Sales
=privileged           1
=default_privileged   1
=priority             5
=max_priority         6
=max_procs            0

=action               add
=person               B_Adams
=privileged           0
=default_privileged   0
=priority             5
=max_priority         6
=max_procs            0

=action               delete
=person               K_Collins

=action               delete
=person               A_Barton
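A table of this kind is worth checking before it is handed to process_table, since a single record can grant privileged access or carry a cleartext password. The following Python script is an added example, not VOS code and not part of this manual. It assumes the layout shown above (one "=field value" line per field, each record beginning at an =action line) and flags values that the declaration and the field descriptions in this section rule out, delete records that carry more than action and person, records that set privileged or default_privileged, and records that contain a password. SAMPLE_TABLE is constructed: R_Smith and K_Collins follow the page's sample table; X_Bad and Z_Extra are made up so that the checks fire.

```python
"""Audit a registration_admin batch table before running process_table.
Added example, not VOS code. Assumed layout: one "=name value" line per field,
each record starting at an "=action" line. Widths, bit fields and numeric
ranges follow the declaration and field descriptions on this page."""

# char widths from the declaration; group1 is assumed to match group2..group5
CHAR_WIDTHS = {"group1": 32, "group2": 32, "group3": 32, "group4": 32, "group5": 32,
               "home_dir": 256, "subsystem1": 20, "subsystem2": 20, "subsystem3": 20,
               "language": 32, "priv_classes": 256, "default_module": 66}
BIT_FIELDS = {"privileged", "default_privileged", "no_password_change",
              "permanent_password", "must_have_start_up", "must_use_subsystem",
              "no_home_dir_change", "register_for_usf", "create_home_dir"}
NUM_RANGES = {"priority": (0, 9), "max_priority": (0, 9), "max_procs": (0, 255)}
# version, action, person, alias and password have no declared width on the page
KNOWN_FIELDS = ({"version", "action", "person", "alias", "password"}
                | set(CHAR_WIDTHS) | BIT_FIELDS | set(NUM_RANGES))


def parse_table(text):
    """Split the table into records; each record maps field name -> value."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("="):
            continue  # blank separator lines are ignored
        name, _, value = line[1:].partition(" ")
        if name == "action":  # every record starts here
            current = {}
            records.append(current)
        if current is None:
            raise ValueError("field %r appears before the first =action line" % name)
        current[name] = value.strip()
    return records


def audit_record(rec):
    """Return (errors, warnings): errors break the format, warnings need review."""
    errors, warnings = [], []
    action = rec.get("action")
    if action not in ("add", "delete"):
        errors.append("action must be add or delete, got %r" % action)
    if not rec.get("person"):
        errors.append("person is required")
    if action == "delete":  # a delete record carries only action and person
        extra = sorted(set(rec) - {"action", "person"})
        if extra:
            errors.append("delete record has extra fields: " + ", ".join(extra))
        return errors, warnings
    if not rec.get("group1"):
        errors.append("group1 is required: the user must be in at least one group")
    for name, value in rec.items():
        if name not in KNOWN_FIELDS:
            errors.append("unknown field " + name)
        elif name in CHAR_WIDTHS and len(value) > CHAR_WIDTHS[name]:
            errors.append("%s is longer than %d characters" % (name, CHAR_WIDTHS[name]))
        elif name in BIT_FIELDS and value not in ("0", "1"):
            errors.append("%s must be 0 or 1, got %r" % (name, value))
        elif name in NUM_RANGES:
            lo, hi = NUM_RANGES[name]
            if not value.isdigit() or not lo <= int(value) <= hi:
                errors.append("%s must be %d..%d, got %r" % (name, lo, hi, value))
    if rec.get("privileged") == "1" or rec.get("default_privileged") == "1":
        warnings.append("grants privileged access")
    if rec.get("password"):
        warnings.append("carries a cleartext password; restrict the table and delete it after processing")
    return errors, warnings


def audit_table(text):
    """Map each person name to the (errors, warnings) for its record."""
    return {rec.get("person", "?"): audit_record(rec) for rec in parse_table(text)}


# Constructed sample: R_Smith and K_Collins follow the page's sample table;
# X_Bad and Z_Extra are made up so that the checks fire.
SAMPLE_TABLE = """\
=action               add
=person               R_Smith
=password             tomato
=group1               Sales
=group2               Marketing
=privileged           1
=default_privileged   1
=create_home_dir      1
=priority             5
=max_priority         6
=max_procs            0

=action               delete
=person               K_Collins

=action               add
=person               X_Bad
=group6               Extra
=privileged           2
=priority             12
=max_procs            999

=action               delete
=person               Z_Extra
=alias                ze
"""
```

Running audit_table(SAMPLE_TABLE) reports no errors for R_Smith but warns that the record grants privileged access and carries a cleartext password, accepts K_Collins, rejects X_Bad for the missing group1, the unknown group6, the non-bit privileged value and the out-of-range priority and max_procs, and rejects Z_Extra because a delete record may carry only action and person.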
REGISTRATION ADMIN

USER NAME          GROUP (1)
Admin_Operator     Testers
Alice_Jones        Marketing
Bob_Booth          Sales

ENTER: Continue    Shift-Funct 0: Display Menu    Shift-F7: Cancel Screen
NOTE
If the registration database is large, it can take several
minutes for the list of registered users to appear on the
screen.
Related Information
See Chapter 4, Registering Users, and the create_user_sysdbs and
set_password_security commands.
security_admin
Privileged
Purpose
The security_admin command enables or disables security logging on a module.
Display Form
-------------------------------- security_admin --------------------------------
state:                on
-module:              current_module
Arguments
state
CYCLE
Enables security logging when the value is on (the default) and disables it when
the value is off.
-module module_name
The module on which the operating system is to stop or start security logging. The
default value is the current module.
Explanation
The security_admin command opens the file >system>security_log.(date) and
logs access violation messages to it. If security logging on a system has been
disabled, enabling event auditing with the audit_admin command re-creates a
security_log.(date) file; you do not need to reissue the security_admin
command. Issuing audit_admin security -audit is logically equivalent to
issuing security_admin on.
Examples
The following example disables security logging on module m9.
security_admin off -module m9
Related Information
See Chapter 5, Managing Security, and the description of the audit_admin
command for information about other messages that can be logged to the
syserr_log.(date) file.
set_object_audit
Privileged
Purpose
The set_object_audit command selects system objects and internal commands to
be audited.
Display Form
--------------------------- set_object_audit ---------------------------
-pathname:
-internal_command:
state:                on
Arguments
-pathname path_name
The path name of a file or device whose audit state is to be changed. Star names
are not accepted. Either this argument or the -internal_command argument
must be supplied. This argument and the -internal_command argument are
mutually exclusive.
-internal_command internal_command
Name of an internal command whose audit state is to be changed. Star names are
not accepted. Either this argument or the -pathname argument must be supplied.
This argument and the -pathname argument are mutually exclusive.
state
Enables/disables auditing for the designated object. The values are on and off.
The default value is on.
Explanation
The set_object_audit command permits the selection of individual system objects
(files, directories, devices, or internal commands) to be audited. It must be used in
conjunction with audit_admin object; the order in which the two commands are
invoked does not matter. The audit information is logged to the
security_log.(date) file. In the following example, the user sets object auditing
on the salaries file. Messages to the security_log.(date) file indicate that the
file was opened (edited) and saved, and that a backup of the file was created:
1:
2:
3:
4:
Examples
The following command enables auditing on the file may_reports:
set_object_audit on -pathname %sal#m2>Reports>may_reports
Note that events related to the file are not audited until audit_admin object
-audit has been issued.
Related Information
See Chapter 5, Managing Security, and the documentation for audit_admin,
configure_commands, and set_process_audit in this chapter.
set_password_security
Purpose
The set_password_security command sets restrictions on the format of a
password.
Display Form
------------------------ set_password_security ------------------------
module_name:                    module_name
-forbid_vowels:                 no
-forbid_repeating_chars:        no
-forbid_user_name:              no
-forbid_repeat_password:        no
-forbid_frequent_changes:       no
-num_hours_between_changes:     24
-forbid_passwords_in_table:     no
-forbid_reverse:                no
-forbid_anagram:                no
-req_alpha_numeric:             no
-forbid_begin_end_numeric:      no
-req_change_first_login:        no
Arguments
NOTE
The values displayed by this command are the same as
the values set by the set_password_security
command in the module_start_up.cm file or by the
most recent invocation of the command.
module_name
Required
The name of the module on which the password restriction is to be set. The value
for module_name must be a single module. If you do not specify a value when you
first invoke the command, VOS prompts for the module name before displaying the
form of the command.
-forbid_vowels
CYCLE
Prohibits passwords with vowels. If you omit this argument, a user may choose a
new password containing vowels. The initial default value is no.
-forbid_repeating_chars
CYCLE
Prohibits passwords with repeating characters. If you omit this argument, a user
may choose a new password containing repeating characters. The initial default
value is no.
-forbid_user_name
CYCLE
Prohibits a user from creating a password containing his name. User Tom_Jones
could not choose tom, jones, or tomjones as his password if this field is cycled
to yes. If you omit this argument, a user may choose a new password that is
contained in his user_name. The initial default value is no.
-forbid_repeat_password
CYCLE
Prohibits a user from selecting one of his last five passwords as the current
password. If you omit this argument, a user may choose a new password that is
the same as one of his previous five passwords. The initial default value is no.
-forbid_frequent_changes
CYCLE
Prohibits a user from changing his password for a second time within the time
period defined by -num_hours_between_changes. If you omit this argument, a
user may change his password as many times as he chooses. The initial default
value is no.
-num_hours_between_changes hours
Specifies the number of hours a user must wait before changing his password
again. The minimum length of time is one hour. This argument has no effect unless
-forbid_frequent_changes is yes. The initial default value is 24.
-forbid_passwords_in_table
CYCLE
Prohibits a user from choosing a password that is contained in the file
(master_disk)>system>forbidden_passwords.table. A system
administrator may prohibit the use of certain passwords by including them in this
table. If you omit this argument, VOS ignores the forbidden_passwords.table
file, if one exists. The initial default value is no. See Restricting Passwords in
Chapter 4 for more information on using the forbidden_passwords.table file.
-forbid_reverse
CYCLE
Prohibits a user from choosing a password that is the reverse of his user name. If
you omit this argument, a user may choose a password that is the reverse of his
user name. The initial default value is no.
-forbid_anagram
CYCLE
Prohibits a user from choosing a password that is an anagram of his user name. If
you omit this argument, a user may choose a password that is an anagram of his
user name. The initial default value is no.
-req_alpha_numeric
CYCLE
Requires the password to contain both letters and numbers. If you omit this
argument, a user may choose a password that does not contain both letters and
numbers. The initial default value is no.
-forbid_begin_end_numeric
CYCLE
Prohibits a password that has a numeric character at the beginning or at the end.
If you omit this argument, a user may choose a password that begins or ends with
a numeric character. The initial default value is no.
-req_change_first_login
CYCLE
Requires a user to change his password after being registered as a new user by
registration_admin. (When the new user logs in via the login command for
the first time, he is automatically prompted for a new password as if he had
typed login -change_password.) If you omit this argument, a new user is not
required to change his password when he first logs in. The initial default value is
no.
Explanation
The command set_password_security enables the restriction of passwords. This
command identifies the module to which the controls apply, the password formats that
will be permitted or required, the minimum number of hours between changes in
passwords, whether there are forbidden passwords specified in a table, and whether
the password must be changed the first time a user logs in.
When the set_password_security command is shipped, the default setting is to
have each control turned off. However, once you have set the arguments to provide the
desired level of security, the new values remain in effect until the module is rebooted.
To ensure that the correct security controls are in place each time the module is
rebooted, include the set_password_security command in the
module_start_up.cm file. The initial default values for the arguments of the
set_password_security command are as follows.
Argument                       Initial default value
module_name
-forbid_vowels                 no
-forbid_repeating_chars        no
-forbid_user_name              no
-forbid_repeat_password        no
-forbid_frequent_changes       no
-num_hours_between_changes     24
-forbid_passwords_in_table     no
-forbid_reverse                no
-forbid_anagram                no
-req_alpha_numeric             no
-forbid_begin_end_numeric      no
-req_change_first_login        no
NOTE
All modules in a system must be running the same release
of the operating system and all must have the same
Examples
The following command sets password security controls for module m3 to prohibit any
part of the user name from being contained in the new password, forbid anagrams in
the new password, and forbid repeating characters in the new password.
set_password_security m3 -forbid_user_name -forbid_anagram -forbid_repeating_chars
The following command sets password security controls for all modules in the current
system to set the minimum number of hours between password changes to 200, and to
require alphanumeric passwords.
set_password_security * -forbid_frequent_changes -num_hours_between_changes 200 -req_alpha_numeric
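The following C program is an added illustration of how the controls described above compose when a candidate password is tested; it is example code written for this edition, not Stratus software, and it does not reproduce the exact VOS implementation. Two points are assumptions of the example: comparisons are case-insensitive, and -forbid_user_name is read as "the person name appears anywhere in the password". The rules are applied in the order the arguments are documented, and the first violated rule is reported.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rule bits named after the set_password_security arguments they mimic. */
enum {
    RULE_FORBID_USER_NAME         = 1u << 0,
    RULE_FORBID_REVERSE           = 1u << 1,
    RULE_FORBID_ANAGRAM           = 1u << 2,
    RULE_REQ_ALPHA_NUMERIC        = 1u << 3,
    RULE_FORBID_BEGIN_END_NUMERIC = 1u << 4,
    RULE_ALL                      = 0x1f
};

#define MAX_LEN 64

/* Lower-case copy so that comparisons are case-insensitive (an assumption of
   this example; the manual does not say how VOS treats case for these rules). */
static bool lower_copy(char *dst, const char *src)
{
    size_t n = strlen(src);
    if (n >= MAX_LEN) return false;
    for (size_t i = 0; i < n; i++) dst[i] = (char)tolower((unsigned char)src[i]);
    dst[n] = '\0';
    return true;
}

/* True when b is a rearrangement of exactly the characters of a. */
static bool is_anagram(const char *a, const char *b)
{
    int counts[256] = {0};
    if (strlen(a) != strlen(b)) return false;
    for (; *a; a++) counts[(unsigned char)*a]++;
    for (; *b; b++) if (--counts[(unsigned char)*b] < 0) return false;
    return true;
}

/* Returns NULL when the candidate passes every enabled rule, otherwise the
   name of the first rule it violates (checked in the order listed above). */
const char *check_password(unsigned rules, const char *person_name, const char *candidate)
{
    char user[MAX_LEN], pw[MAX_LEN], rev[MAX_LEN];
    size_t ulen, plen;

    if (!lower_copy(user, person_name) || !lower_copy(pw, candidate)) return "too_long";
    ulen = strlen(user);
    plen = strlen(pw);
    if (plen == 0) return "empty";

    /* -forbid_user_name: person name contained in the password (example's reading). */
    if ((rules & RULE_FORBID_USER_NAME) && strstr(pw, user) != NULL)
        return "forbid_user_name";

    /* -forbid_reverse: password is the person name spelled backwards. */
    for (size_t i = 0; i < ulen; i++) rev[i] = user[ulen - 1 - i];
    rev[ulen] = '\0';
    if ((rules & RULE_FORBID_REVERSE) && strcmp(pw, rev) == 0)
        return "forbid_reverse";

    /* -forbid_anagram: same characters as the person name in any order. */
    if ((rules & RULE_FORBID_ANAGRAM) && is_anagram(pw, user))
        return "forbid_anagram";

    /* -req_alpha_numeric: at least one letter and at least one digit. */
    if (rules & RULE_REQ_ALPHA_NUMERIC) {
        bool has_alpha = false, has_digit = false;
        for (size_t i = 0; i < plen; i++) {
            if (isalpha((unsigned char)pw[i])) has_alpha = true;
            if (isdigit((unsigned char)pw[i])) has_digit = true;
        }
        if (!(has_alpha && has_digit)) return "req_alpha_numeric";
    }

    /* -forbid_begin_end_numeric: no digit in the first or last position. */
    if ((rules & RULE_FORBID_BEGIN_END_NUMERIC) &&
        (isdigit((unsigned char)pw[0]) || isdigit((unsigned char)pw[plen - 1])))
        return "forbid_begin_end_numeric";

    return NULL;
}

int main(void)
{
    const char *r = check_password(RULE_ALL, "Smith", "htimS");
    printf("htimS for Smith:  %s\n", r ? r : "accepted");
    r = check_password(RULE_ALL, "Smith", "ab3cde");
    printf("ab3cde for Smith: %s\n", r ? r : "accepted");
    return 0;
}
```

Because the checks run in argument order, a password that is both the reverse of the person name and an anagram of it is reported under -forbid_reverse; enabling only the rules a module actually sets (RULE_FORBID_ANAGRAM alone, for instance) changes which rule is named but not whether the password is refused.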
Related Information
See Restricting Passwords in Chapter 4 of this manual.
set_priority
Privileged
Purpose
The set_priority command sets the priority for one or more processes.
Display Form
----------------------------- set_priority -----------------------------
priority:
process_name:
-user:                 current_user
-module:
-ask:                  no
Arguments
priority
Required
The priority level to be assigned to each designated process. The minimum priority
is 0, and the maximum priority is 9.
process_name
One or more processes that will receive the designated priority. A process_name
value can be a star name.
If you omit both process_name and -user, the operating system sets the priority
for the process issuing the command.
-user user_name
One or more users whose processes will receive the designated priority. A
user_name value can be a star name. To give the name of another person, you
must be logged in as privileged. The default value is current_user.
-module module_name
The module that is running the processes whose priorities you are setting. The
default is current_module.
-ask
Asks you if you want to set the priority for a process when you specify a star name
for process_name. The default value is no, meaning the operating system sets
the priority for each process without asking you.
Explanation
This command sets the priority for all processes that match the specified process name
and user name.
Unless you are logged in as privileged, you cannot:
change the priority of another user's process
assign a higher priority to a process than the value specified in the registration
database entry of the user who owns the process. (This applies to all processes,
including your own.)
Examples
The following command sets a priority level of 7 for the process make_report.
set_priority 7 make_report
The following command sets a priority level of 5 for all processes of user Smith that
are running on module m3.
set_priority 5 -user Smith.* -module m3
The following command sets a priority level of 6 on all process names with the suffix
.compute being executed by anyone in the accounting group on the current module.
set_priority 6 *.compute -user *.accounting
Related Information
See VOS System Administration: Administering and Customizing a System (R281)
and the registration_admin command in this manual.
set_process_audit
Privileged
Purpose
The set_process_audit command audits processes or users.
Display Form
-------------------------- set_process_audit --------------------------
state:                 on
process_name:
-user:                 current_user
-module:
-ask:                  yes
Arguments
state
Enables/disables process auditing for the designated process. The default is on.
See the Explanation section for operating system messages regarding verification
of process auditing.
process_name
The name or star name of a process or set of processes to be audited. The
command audits all of the processes whose names match process_name, except
for the process issuing the command. If process_name is a star name and you do
not specify -no_ask, the command prompts for confirmation to audit you. By
default, the operating system audits all processes identified by -user or -module.
-user user_name
Specifies the name or star name of a user or set of users. This allows you to audit
only the processes named process_name that were started by the specified
users. By default, the operating system uses your user name. The command does
not audit the process from which you issue the command. Your process must be
privileged to audit another user's process.
-module module_name
Specifies the module executing the processes to be audited. By default, the
operating system uses the module executing your login process.
-no_ask
Suppresses the prompt, when you specify a star name for process_name, asking
whether to audit a process with a matching name. By default, the operating system
asks before auditing each process.
Explanation
This command audits a specified process. The audit_admin command must be
invoked in conjunction with this command in order for process auditing to log events to
the security log.
After invoking the set_process_audit command, VOS prompts you to verify which
processes to audit. If the value of the state argument is on, the system displays the
following message, asking you to verify the processes to be audited.
Verify processes to be audited.
If the value of the state argument is off, the system displays the following message,
asking you to verify the processes that are not to be audited.
Verify processes not to be audited.
Type yes to audit the process, no to cancel the audit, or info to get more information
about that specified process.
Examples
To audit all the activities of Emma Wilcox, invoke the following commands:
set_process_audit on -user Emma_Wilcox
Verify processes to be audited.
Emma_Wilcox.Education (login)? (yes, no, info) y
Enabling audit of Emma_Wilcox.Education (login).
audit_admin process -audit
Related Information
See Chapter 5, Managing Security, and the documentation for the audit_admin
and the set_object_audit commands in this chapter.
set_registration_info
Purpose
This command changes the specified record in the change_password.sysdb file on
the master module and broadcasts the change to >system on all the other modules in
the system.
Display Form
------------------------- set_registration_info -----------------------
user_name:
-password:
-module:
Arguments
user_name
Required
The user whose record is to be changed in the password file on the master module.
The value given must contain the user's person name as it is recorded in the
change_password.sysdb file. (This is the same value given in the registration
database.) If user_name includes a group name, the group name is ignored. The
operating system does not recognize an alias in this argument.
-password password
Required
Permits a user's password to be modified by someone other than the user. The
password is not displayed on the screen. The length and format of the password
are validated according to the minimum length and format defined by the
login_admin command. Note that if the password is managed by an external
authentication service (such as RADIUS), it is not possible for a VOS System
Administrator or a VOS user to change their password. For information on
passwords, see Valid Passwords in Chapter 5.
-module module_name
The name of a module on another system. This argument is needed only to gain
access to the password database on another system.
Explanation
The set_registration_info command modifies the records of a specified user in
the registration database. When the -password argument is used, any password
changes that the user has made are nullified and a new password is created. The other
purpose is to reinstate the user's account. Note that if the account you are reinstating
was terminated for reasons unrelated to passwords, you need to give only the
user_name argument.
This command is useful in several cases: when users have changed their passwords
and have forgotten them, when users are locked out of the system because their
passwords have expired, or when users' accounts have been terminated because they
have exceeded the maximum allowable number of login attempts.
Examples
The following command changes the password of user Smith to jls on the current
module.
set_registration_info Smith -password jls
Related Information
See Chapter 4, Registering Users, and the registration_admin and
create_user_sysdbs commands.
update_password_info
Privileged
Purpose
This command causes each registered user to have a currently valid password before
the password expiration time is set with the login_admin command.
Display Form
------------------------- update_password_info ------------------------
No arguments required. Press ENTER to continue.
Explanation
This command opens the change_password.sysdb database in the
>system>configuration directory on the system's master module and updates
each record by changing the time of the last password change to the time the command
is executed. The modified database is then broadcast over the system. This prevents
users from being denied login access because their passwords became out-of-date
when a new password expiration date was set.
Issue this command before using the login_admin command either to set a
password expiration time for the first time, or to change the current value to a shorter
time interval.
Related Information
See Chapter 4, Registering Users.
wait_for_overseer
Purpose
This is a system process command. It is used only within module_start_up.cm
files.
The wait_for_overseer command ensures that the Overseer process is running
before allowing module startup to proceed.
Display Form
-------------------------- wait_for_overseer --------------------------
module:
Arguments
module_name
The module containing the Overseer process. The default value is the current
module. Never give any other value for this argument.
Related Information
See VOS System Administration: Starting Up and Shutting Down a Module or
System (R282) and the overseer command in VOS System Administration:
Administering and Customizing a System (R281). See also the
module_start_up.cm file shipped with the installation software. This file is stored in
the directory (master_disk)>system>release_dir.
wait_for_tp_overseer
Purpose
This is a system process command. It is used only within module_start_up.cm
files.
The wait_for_tp_overseer command ensures that the module startup waits only
the amount of time you specify before allowing the module startup to proceed. If the
TPOverseer takes longer to finish log processing, TP applications cannot be started
until log processing is completed.
Display Form
------------------------- wait_for_tp_overseer ------------------------
time_out:              0
Arguments
time_out minutes
A number, ranging from 0 to 30, specifying how many minutes the module startup
will wait for the TPOverseer to finish log processing before allowing the module
startup to continue. When the time_out value is not specified, the module startup
waits until the TPOverseer log processing is complete.
Related Information
See VOS System Administration: Starting Up and Shutting Down a Module or
System (R282) and the tp_overseer command in VOS System Administration:
Administering and Customizing a System (R281). See also the
module_start_up.cm file shipped with the installation software. This file is stored in
(master_disk)>system>release_dir.
Chapter 7
Subroutines
This chapter documents the subroutines that are useful in writing programs for
RADIUS. The following subroutines are included:
s$get_registration_info
s$perform_ext_authentication
s$get_registration_info
Purpose
The s$get_registration_info subroutine returns registration information for a
specified user.
Usage
char_varying (66)          remote_module;
char_varying (32)          person_name;
short int                  error_code;
char_varying (256)         text;

/* Version 5 */
typedef struct $longmap
{
    short int              version;
    short int              unused;
    struct
    {
        long int               valid_password_expires;
        char                   priv_classes [4];
        long int               password_grace_time;
        long int               time_last_changed;
        char_varying (32)      person;
        char_varying (32)      password;
        char_varying (256)     home_dir;
        char_varying (32)      groups [5];
        unsigned short         flags;
        short int              priority;
        short int              max_priority;
        short int              max_processes;
        char_varying (32)      subsystem [3];
        char_varying (32)      language;
        short int              min_password_len;
        short int              max_bad_logins;
        short int              num_login_violations;
        short int              password_format;
        char_varying (32)      prev_passwords [5];
        short int              pad_bytes;
    } data;
    long int               uid;
    long int               gids [5];
} registration_info_v5_type;

registration_info_v5_type  info;

void s$get_registration_info ( char_varying (66) *,
                               char_varying (32) *,
                               registration_info_v5_type *,
                               short int *,
                               char_varying (256) *);

s$get_registration_info (&remote_module,
                         &person_name,
                         &info,
                         &error_code,
                         &text);
Arguments
remote_module (input)
The name of the remote module you want to access. The value of
remote_module must be a full module name. If remote_module is the null string
(the string length of 0), the current module is used.
person_name (input)
The name or login alias of the person seeking access to the module. The value
cannot be a user starname.
info (input/output)
The structure that contains the registration information.
version (input)
The version number must be 5.
unused (output)
The value of this field is undefined.
valid_password_expires (output)
The date and time that the password of this user expires in operating system
integer date-time form. If the value is zero, the password never expires.
priv_classes (output)
This field is not presently used.
password_grace_time (output)
The number of seconds beyond the password expiration time that this user has
to log in and change his or her password.
person (output)
The name of the user.
password (output)
The encrypted VOS password of the user. This password must not be used if
the external_authentication flag is true; rather, the user must be
authenticated using the s$perform_ext_authentication subroutine.
home_dir (output)
The full path name of the home directory of the user.
groups (output)
An array of VOS group names that the user is permitted to use.
flags (output)
The value of flags is a binary coding of logical variables that are described in
the following table. For information on how to decode the flags, see the
discussion of logical arguments in the VOS Subroutines manuals. All unused
switches are reserved for future use.
Bit       Switch Name                  Description
16        external_authentication
32        must_change_password
64        permanent_password
128       account_terminated
256       obsolete0
512       no_home_dir_change
1024      obsolete1
2048      must_use_subsystem
4096      must_have_start_up
8192      no_password_change
16384     default_privileged
32768     privileged
priority (output)
The priority value of a process created for this user.
max_priority (output)
The maximum value of the priority of a process that is created for this user.
max_processes (output)
The maximum number of simultaneous processes that may be created for this
user.
subsystem (output)
An array that holds up to 3 names of subsystems that this user may specify at
login. The login command prefixes the name of the subsystem to the
start_up.cm macro. For example, a user with a subsystem of sales runs
sales_start_up.cm.
language (output)
The operating system language to use for a process created for this user.
min_password_len (output)
The minimum number of characters in a VOS password chosen by this user.
max_bad_logins (output)
If zero, this value is ignored. If greater than zero, the number of consecutive
logins that are rejected before the user's account should be terminated.
num_login_violations (output)
The number of consecutive login attempts that have been rejected.
password_format (output)
The password format for this user. A value of 1 specifies any format. A value
of 2 specifies that this user must use a password that contains at least one
punctuation character and the first such punctuation character must not be the
first or last character.
prev_passwords (output)
An array that holds up to 5 of the most recently used passwords for this user.
This can be used to control the ability of the user to reuse old passwords.
pad_bytes (output)
The value of this field is undefined.
error_code (output)
A returned error code.
text (output)
Additional error information that is displayed when a nonzero error_code is
returned.
uid (output)
The POSIX uid (user ID) value for this user.
gids (output)
The POSIX gid (group ID) values that this user may use. These values are in the
same order as the group values.
Explanation
The s$get_registration_info subroutine gets the VOS registration information for
a specified user.
Note that the returned password is enciphered using a one-way algorithm. To verify a
putative user-supplied password against their registered VOS password, you should
first encrypt the user-supplied password using the s$encipher_password
subroutine, and then compare the enciphered passwords. Stratus does not supply a
method to reverse an enciphered password.
The external_authentication flag indicates that the user must be authenticated
using an external authentication service. You must call the
s$perform_ext_authentication subroutine for this purpose.
The caller must have read permission on the following files:
(master_disk)>system>network_access.table
(master_disk)>system>change_password.sysdb
(master_disk)>system>master_password.sysdb
(master_disk)>system>user_registration.sysdb
The caller of s$get_registration_info must be privileged.
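The following C program is an added example, written for this edition rather than taken from Stratus, of how a privileged login client might act on the fields that s$get_registration_info returns: it refuses terminated accounts, routes users with the external_authentication flag to the external service instead of touching the stored password, applies the expiry and grace-time fields, and compares enciphered values rather than trying to reverse the stored one. The flag values are the ones in the table above. Everything else is an assumption of the example: the record is a trimmed-down stand-in for registration_info_v5_type.data, the one-way function is a 64-bit FNV-1a hash standing in for s$encipher_password (not the real algorithm), and reaching max_bad_logins is treated the same as a terminated account.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits exactly as listed in the flags table for s$get_registration_info. */
#define FLAG_EXTERNAL_AUTHENTICATION 16u
#define FLAG_MUST_CHANGE_PASSWORD    32u
#define FLAG_ACCOUNT_TERMINATED      128u

/* The subset of registration_info_v5_type.data that the decision below reads
   (a constructed stand-in, not the VOS structure). */
typedef struct {
    unsigned short flags;
    short          max_bad_logins;          /* 0 means "ignore" */
    short          num_login_violations;
    long           valid_password_expires;  /* 0 means "never expires" */
    long           password_grace_time;     /* seconds allowed beyond expiry */
    uint64_t       enciphered_password;     /* stand-in for the enciphered password field */
} reg_record;

typedef enum {
    LOGIN_DENY_TERMINATED,
    LOGIN_DENY_EXPIRED,
    LOGIN_DENY_BAD_PASSWORD,
    LOGIN_USE_EXTERNAL_AUTH,    /* hand off to s$perform_ext_authentication */
    LOGIN_ACCEPT,
    LOGIN_ACCEPT_MUST_CHANGE    /* let the user in, then force a password change */
} login_decision;

/* Stand-in one-way function (64-bit FNV-1a). It exists only so the example runs;
   it is NOT the algorithm behind s$encipher_password, which is not documented. */
uint64_t encipher_stub(const char *pw)
{
    uint64_t h = 1469598103934665603ull;
    for (; *pw; pw++) { h ^= (unsigned char)*pw; h *= 1099511628211ull; }
    return h;
}

login_decision decide_login(reg_record r, const char *supplied, long now)
{
    int in_grace = 0;

    /* A terminated account, or one that has reached max_bad_logins, is refused first
       (treating the latter as terminated is this example's assumption). */
    if (r.flags & FLAG_ACCOUNT_TERMINATED) return LOGIN_DENY_TERMINATED;
    if (r.max_bad_logins > 0 && r.num_login_violations >= r.max_bad_logins)
        return LOGIN_DENY_TERMINATED;

    /* External users: the local enciphered password must not be used at all. */
    if (r.flags & FLAG_EXTERNAL_AUTHENTICATION) return LOGIN_USE_EXTERNAL_AUTH;

    /* Expiry: zero means never; past expiry the grace period still permits a change. */
    if (r.valid_password_expires != 0 && now > r.valid_password_expires) {
        if (now > r.valid_password_expires + r.password_grace_time) return LOGIN_DENY_EXPIRED;
        in_grace = 1;
    }

    /* Encipher the supplied password and compare; never try to reverse the stored value. */
    if (encipher_stub(supplied) != r.enciphered_password) return LOGIN_DENY_BAD_PASSWORD;

    if (in_grace || (r.flags & FLAG_MUST_CHANGE_PASSWORD)) return LOGIN_ACCEPT_MUST_CHANGE;
    return LOGIN_ACCEPT;
}

/* Builds a constructed record from a clear-text password (test data only). */
reg_record make_record(unsigned short flags, short max_bad, short violations,
                       long expires, long grace, const char *registered_pw)
{
    reg_record r = { flags, max_bad, violations, expires, grace, encipher_stub(registered_pw) };
    return r;
}

int main(void)
{
    static const char *names[] = { "deny: terminated", "deny: expired", "deny: bad password",
                                   "use external auth", "accept", "accept, must change" };
    printf("%s\n", names[decide_login(make_record(0, 3, 0, 0, 0, "s3cret"), "s3cret", 1000)]);
    printf("%s\n", names[decide_login(make_record(FLAG_EXTERNAL_AUTHENTICATION, 0, 0, 0, 0, "x"), "x", 1000)]);
    printf("%s\n", names[decide_login(make_record(0, 0, 0, 500, 100, "s3cret"), "s3cret", 550)]);
    return 0;
}
```

The ordering matters: the external_authentication check comes before any use of the stored password, which is what the manual requires, and the terminated-account check comes before everything else so that no password comparison is performed for an account that should not be logging in at all.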
Examples
None
Related Information
s$encipher_password
s$perform_ext_authentication
s$verify_system_access
s$perform_ext_authentication
Purpose
This subroutine takes the information necessary to authenticate a user using an
external authentication service, communicates with the authentication service, and
returns the results to the caller.
Usage
long int                   msg_type;
short int                  msg_priority;
char_varying (128)         client_handle;
char_varying (32)          person_name;
char_varying (128)         password;
long int                   chal_type;
long int                   auth_type;
long int                   timeout;
long int                   response;
char_varying (128)         cookie;
char_varying (128)         challenge;
short int                  code;
Arguments
The symbolic names used in the following arguments are taken from the include file
ext_auth_message.incl.c, which is distributed with VOS RADIUS Support.
msg_type (input)
An integer that specifies whether this call is a new request for authentication, or a
response to a challenge from a previous request for authentication. It must have
one of the following values:
EAM_MSG_INITIAL        1
EAM_MSG_RESPONSE       2
chal_type (input)
1
2
The value 1 specifies that the client is prepared to handle single or multiple
challenges. The value 2 specifies that the client is not prepared to handle a
challenge. A user who is registered to require a challenge response and then
attempts to authenticate via a client that does not handle challenges will be denied
authentication.
auth_type (input)
An integer that specifies the type of authentication. It must have one of the
following values:
EAM_AUTH_LOGIN         1
EAM_AUTH_FTP           2
EAM_AUTH_RSN           3
EAM_AUTH_OTHER         4
The value 1 specifies that the client is the login command. The value 2 specifies
that the client is the FTP daemon. The value 3 specifies that the client is the remote
service network. The value 4 specifies that the client is some other, unspecified,
client.
timeout (input)
An integer that specifies the length of time, in units of 1/1024ths of a second, that
the subroutine should wait for the authentication request to complete. A value of
zero specifies no waiting. A value of -1 specifies an indefinite wait period. A
positive value specifies a specific wait period.
response (output)
An integer that specifies the response to the authentication request. It has one of
the following values:
EAR_RESPONSE_ACCEPTED     1
EAR_RESPONSE_DENIED       2
EAR_RESPONSE_CHALLENGED   3
cookie (input/output)
A character-string value used to coordinate between multiple invocations for the
same authentication request.
When the msg_type argument is 1 (initial authentication), this argument is ignored
on input, and is set on output as follows:
If a response code of 1 or 2 is returned, this argument is set to the null string.
If a response code of 3 is returned, indicating that the user has been
challenged, this argument is set to a non-null value.
When the msg_type argument is 2, the caller must pass the value that was
returned when the user was challenged (response code 3).
NOTE
The external authentication service can request multiple
challenges; therefore, even if you supply the correct
response to a challenge, another challenge could be sent.
The contents of this argument should not otherwise be used or modified by the
caller.
challenge (output)
A character-string value. If the response argument has the value 1 or 2, this
argument is null. Otherwise, it contains the text of the challenge. This text must be
displayed to the user.
code (output)
An integer, representing a standard VOS status code. All calls that successfully
invoke the external authentication service return zero. All nonzero values imply that
the authentication request was unsuccessful.
Explanation
The caller of this subroutine supplies the person name and password (if any) of the
person to authenticate. It also indicates whether it permits challenges, the type of
authentication request, a timeout value, and makes the call. This subroutine
communicates with the external authentication service and returns information
indicating whether or not the authentication request was accepted, denied, or
challenged.
A result that indicates acceptance or denial is final and no further action on the part of
the caller is required.
A result that indicates that the authentication request is being challenged requires that the
caller display the text of the challenge to the user, obtain a response from the user, and
reinvoke the subroutine. The reinvocation must supply the same person_name,
client_handle, and auth_type as the initial call, must supply the response to the
challenge in the password argument, and must set the msg_type argument to 2
(EAM_MSG_RESPONSE). The value of the cookie argument must be the same as that
returned by the previous call with these arguments. The msg_priority, chal_type,
and timeout arguments may be different. For example, a client that can accept, at
most, a single challenge, can set chal_type to 1 on the initial call, and to 2 on the
subsequent call. Clients that can accept any number of challenges should set
chal_type to 1 on each call.
All calls that successfully invoke the external authentication service return a VOS
status code of zero. All calls that return a nonzero VOS status code have failed to
authenticate the user.
A caller that specifies that challenges are forbidden will never receive back a request
to perform a challenge; instead, any authentication attempts are denied. Note that these
attempts may succeed at the external authentication service, but the VOS external
authentication server will convert them to a denial.
A caller that does not wait a sufficiently long period of time for a response from the
external authentication service will receive a result that denies access to the user.
A caller that is asked to challenge the user, but which does not supply a correct
response within the time interval set by either the VOS or the external authentication
service (whichever one has the shortest time value), will receive a result that denies
access to the user.
A caller that supplies invalid argument values, or combinations of invalid values, will
receive a nonzero VOS status code value.
It is the responsibility of the client to insert any necessary real-time delays after a failed
login attempt to prevent an attacker from rapidly trying many different passwords.
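The exchange described in this Explanation, written out as an added C example with both sides present; this is not Stratus code and the VOS subroutine is not called. The EAM_ and EAR_ values are the documented ones. The names CHAL_ALLOWED and CHAL_FORBIDDEN for the chal_type values 1 and 2 are this example's own, the external service is a constructed mock that accepts one constructed user ("alice", password "pw1") and then issues two challenges in a row, and the mock's cookie is simply the number of the pending challenge, which the client treats as opaque and passes back unchanged, exactly as the manual requires for the real subroutine.

```c
#include <stdio.h>
#include <string.h>

/* Symbolic values as documented for s$perform_ext_authentication. */
#define EAM_MSG_INITIAL          1
#define EAM_MSG_RESPONSE         2
#define EAR_RESPONSE_ACCEPTED    1
#define EAR_RESPONSE_DENIED      2
#define EAR_RESPONSE_CHALLENGED  3
/* chal_type values; these two names are the example's own, the manual gives only 1 and 2. */
#define CHAL_ALLOWED             1
#define CHAL_FORBIDDEN           2

/* Constructed mock of the external service: one user who must pass the
   password check and then answer two successive challenges. */
static const char *MOCK_NAME = "alice";
static const char *MOCK_PASSWORD = "pw1";
static const char *MOCK_QUESTIONS[2] = { "What is 7*6?", "Colour of the sky?" };
static const char *MOCK_ANSWERS[2]   = { "42", "blue" };

/* Mock of s$perform_ext_authentication (same argument roles, fewer arguments).
   The cookie carries the pending challenge number as text; the caller must
   treat it as opaque and pass it back unchanged. Returns a VOS-style status:
   zero when the service was invoked, nonzero for an invalid call. */
long mock_perform_ext_authentication(long msg_type, const char *person_name,
                                     const char *password, long chal_type,
                                     long *response, char *cookie, char *challenge)
{
    int stage;
    challenge[0] = '\0';
    if (msg_type == EAM_MSG_INITIAL) {
        if (strcmp(person_name, MOCK_NAME) != 0 || strcmp(password, MOCK_PASSWORD) != 0) {
            *response = EAR_RESPONSE_DENIED; cookie[0] = '\0'; return 0;
        }
        stage = 0;                                   /* password ok, no challenge answered yet */
    } else if (msg_type == EAM_MSG_RESPONSE) {
        if (sscanf(cookie, "C%d", &stage) != 1 || stage < 1 || stage > 2)
            return 1;                                /* bad or missing cookie: invalid argument */
        if (strcmp(password, MOCK_ANSWERS[stage - 1]) != 0) {
            *response = EAR_RESPONSE_DENIED; cookie[0] = '\0'; return 0;
        }
    } else {
        return 1;                                    /* unknown msg_type: invalid argument */
    }
    if (stage == 2) {                                /* both challenges answered */
        *response = EAR_RESPONSE_ACCEPTED; cookie[0] = '\0'; return 0;
    }
    /* The service wants (another) challenge. A client that forbids challenges
       is handed a denial instead, as the manual states. */
    if (chal_type == CHAL_FORBIDDEN) {
        *response = EAR_RESPONSE_DENIED; cookie[0] = '\0'; return 0;
    }
    *response = EAR_RESPONSE_CHALLENGED;
    sprintf(cookie, "C%d", stage + 1);
    strcpy(challenge, MOCK_QUESTIONS[stage]);
    return 0;
}

/* The client side. answer_fn stands in for displaying the challenge text and
   reading the user's reply. Returns the final response code, or -1 when the
   service returned a nonzero status (which the manual says is also a failure). */
typedef const char *(*answer_fn)(const char *challenge_text);

long client_login(const char *person, const char *password, long chal_type, answer_fn answer)
{
    char cookie[128] = "", challenge[128] = "";
    long response = 0;
    long code = mock_perform_ext_authentication(EAM_MSG_INITIAL, person, password,
                                                chal_type, &response, cookie, challenge);
    while (code == 0 && response == EAR_RESPONSE_CHALLENGED) {
        const char *reply = answer(challenge);
        /* Reinvoke: same person, msg_type 2, reply in the password slot, cookie untouched. */
        code = mock_perform_ext_authentication(EAM_MSG_RESPONSE, person, reply,
                                               chal_type, &response, cookie, challenge);
    }
    return code == 0 ? response : -1;
}

static const char *good_answers(const char *q) { return strstr(q, "7*6") ? "42" : "blue"; }
static const char *bad_answers(const char *q)  { (void)q; return "dunno"; }

int main(void)
{
    printf("correct answers:    %ld\n", client_login("alice", "pw1", CHAL_ALLOWED, good_answers));
    printf("wrong answers:      %ld\n", client_login("alice", "pw1", CHAL_ALLOWED, bad_answers));
    printf("challenges refused: %ld\n", client_login("alice", "pw1", CHAL_FORBIDDEN, good_answers));
    return 0;
}
```

The loop condition is the whole of the client's protocol logic: it keeps reinvoking only while the status is zero and the response is EAR_RESPONSE_CHALLENGED, so a service that sends several challenges in a row (the NOTE under the cookie argument) is handled without the client ever inspecting the cookie, and a client that sets chal_type to CHAL_FORBIDDEN sees the denial the manual promises rather than a challenge it cannot answer.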
Access Requirements
You need execute permissions on
>system>queues>ext_auth>ext_auth.server_queue in order to initiate an
authentication request.
You need execute permission on
>system>queues>ext_auth>ext_chal.1.server_queue to respond to a
challenge.
Error Codes
The following table explains some of the error codes this subroutine might return. Any
nonzero code indicates a failure of this subroutine to authenticate the user.
e$invalid_arg
e$invalid_msg_priority
e$invalid_message
e$wrong_version
Appendix A
VOS Commands for
Privileged Users
This appendix lists the VOS commands for privileged users. If users are privileged,
they are able to use additional commands, requests, and subroutines besides those
available to general users. To be privileged, users must be registered with the
privileged attribute in the registration databases, or they must specify the
-privileged argument when they log in.
Table A-1. Privileged VOS Commands (Page 1 of 6)
Command
Documented In
accounting_admin
add_default_library_path
add_disk
analyze_system
audit_admin
batch_admin
batch_overseer
cancel_disk_retry
cancel_fast_disk_recovery
change_terminal
check_jiffy_times
configure_async_lines
configure_boards
configure_comm_protocol
configure_devices
configure_disks
configure_firmware_types
configure_languages
copy_dump
copy_kernel
create_os_symtab
delete_default_library_path
delete_disk
dismount_disk
display_bad_blocks
display_disk_label
display_calendar_clock
dump_disk
format_disk
initialize_boot_disk
initialize_disk
initialize_duplex_disk
iop_disk_tape_admin
link_boot_server
load_control_admin
load_kernel_program
log_registered_users
login
login_admin
logout_admin
memory_control
merge_dumps
mount_disk
network_watchdog
overseer
reconfigure_memory
recover_disk
refresh_disk
registration_admin
reload_disk
remove_disk_pack
reset_configuration
salvage_disk
security_admin
select_duplex_disk
set_bootload_time
set_date_time
set_default_library_paths
set_default_time_zone
set_jiffy_times
set_lock_wait_time
set_log_protected_file
set_object_audit
set_partition_size
set_password_security
set_priority
set_process_audit
set_tuning_parameters
setup_disk_pack
specify_cpu_configuration
spooler_admin
start_disk_recovery
tp_overseer
uninitialize_disk
update_channel_info
update_default_cmd_limits
update_disk_label
update_password_info
update_process_cmd_limits
validate_hub
Index
A
abbreviations file, 4-6
Access codes, 1-1, 1-3
device
null, 3-9
read, 3-9
write, 3-9
directory
modify, 3-6
null, 3-5
status, 3-6
undefined, 3-3, 3-5
file
execute, 3-3
null, 3-3
read, 3-3
write, 3-3
internal command
null, 3-13
read, 3-13
write, 3-13
Access control lists (ACLs), 1-3, 3-2
directory, 3-6
discretionary, 1-3
displaying for internal commands, 3-15
file, 3-3
in the installation software, 3-17
mandatory, 1-3
searching, 1-4
access event type, 5-7
Access lists
device, 3-9, 3-10
internal command, 3-13
sharing, 3-15
system_default, 6-9
Access rights, 1-1
determining, 1-4
displaying
device, 3-12
directory, 3-6
file, 3-3
internal command, 3-16
enabling for internal commands, 6-9
giving, 2-2
device, 3-10, 3-11
directory, 3-7
file, 3-4
propagating through directories, 3-8
removing
device, 3-12
directory, 3-7
file, 3-5
internal command, 3-16
undefined, 1-4
Access violations, 5-1
auditing, 5-7
displaying, 5-2
monitoring, 5-2, 6-55
notifying, 6-31
Accounting facility
disabling, 6-3
logging
commands, 6-3
file use, 6-3
port statistics, 6-3
transactions, 6-3
accounting_admin command, 6-2
ACLs. See Access control lists (ACLs)
ADD NEW USER screen, 6-38, 6-41, 6-43
Adding
disks, 2-5
home directories, 4-4
users, 4-4, 6-40
in a batch process, 6-49
screen for, 6-43
admin event type, 5-7
Administering
security logging, 6-55
system accounting, 6-2
system auditing, 5-6
Administrator commands, 6-1
Alias, 6-43
analyze_system command, 3-12
Associating
devices with device access lists, 3-9
drivers and modules with device access
lists, 3-10
internal commands with internal command
access lists, 3-15, 6-9
audit_admin command, 5-5, 6-5
Auditing
events
default, 5-6
selectable, 5-6
I/O events, 5-7
internal commands, 5-7, 6-9
enabling, 5-8
using the internal_commands.tin
file, 5-8
objects, 5-7
processes, 5-7, 6-67
system events, 1-1, 1-3
enabling, 6-6
users, 5-7
B
Batch processes and registration, 6-49
Broadcasting registration databases, 6-39,
6-72
C
C2 security standard, 1-1
Case sensitivity
password, 4-10
user names in registration tables, 6-43
change_password.sysdb file, 3-17, 4-2,
6-70, 6-72
Changing
module name, 4-12
passwords, 4-8, 6-46
minimum hours between, 6-61
system name, 4-12
Characters in user names, 1-2
Command access lists. See Internal commands
access lists
Commands, 6-1
accounting_admin, 6-2
audit_admin, 6-5
configure_commands, 6-9
D
DACLs. See Default access control lists
(DACLs)
Data definition files
forbidden_passwords.dd, 4-10
internal_commands.dd, 3-14
registration_admin.dd, 6-50
Databases for registration, 4-1, 6-39
Disabling
accounting facility, 6-3
event auditing, 6-6
internal command access settings, 3-16
security logging, 6-31
Disks, 2-5
display_registration_info
command, 6-14
Displaying
access violations, 5-2, 6-31
ACLs
device, 3-12
directory, 3-6
file, 3-3
internal command, 3-16
audited event types, 6-6
DACLs
of files in a directory, 3-7
of files in the acl directory, 3-12, 3-16
default access rights, 3-8
subprocess information, 6-22
Displaying access to devices, 3-11
Drivers and modules
setting access to, 3-10
dump_dvt request, 3-12
E
Enabling
auditing
event, 5-5
object, 6-57
objects and internal commands, 5-7
processes and users, 5-7
forbidden_passwords.table
file, 4-11
security log, 6-55
security logging, 6-31
Entries in access lists, 3-2
Events, 1-1, 1-3
auditing, 6-5, 6-6
default, 5-6, 5-7
information logged, 5-8
selectable, 5-6, 5-7
types
displaying audited, 6-6
types of, 5-7, 6-5
execute access, 3-3, 3-13
F
Files
abbreviations, 4-6
access rights, 3-3
default, 3-2
change_password.sysdb, 3-17, 4-2
devices.tin, 3-10, 3-11
displaying DACLs of, 3-7
giving access to, 3-4
internal_commands.table, 6-9
logging, 6-3
master_password.sysdb, 4-2, 6-39
module_start_up.cm, 5-13
network_access.table, 5-2
radius.dd, 5-16
radius.tin, 5-16
registration_file.tin, 4-7, 6-52
security_log.(date), 5-1, 6-30
start_up.cm, 4-6
syserr_log.(date), 6-55
system_default, 1-3
user_registration.sysdb, 3-17,
6-39
forbidden_passwords.dd file, 4-10
forbidden_passwords.table file, 4-2,
4-11
forbidden_passwords.tin
case sensitivity in, 4-10
FTP access, 5-11
unauthorized, 5-11
ftpd daemon
-allow_any_port, 5-11
-security_check_file, 5-11
Full path name of a group directory, 2-1
G
Giving access
default, 3-8
device, 3-10, 3-11
directory, 3-7
file, 3-4
Group directories, 1-2
creating, 2-2
deleting, 2-7
linking to the (master_disk)
directory, 2-2
links, 2-5
location on master disk, 2-1
moving, 2-6
planning structure of, 2-1
Groups, 1-2, 6-44
in installation software, 2-8
names, 1-2
number a user may belong to, 2-1
representing all a user is in, 1-3
representing all users in a, 1-3
setting device access lists for, 3-10
SysAdmin, 2-8
System, 2-8
unknown, 3-6
H
Home directory, 4-4, 6-40, 6-44
files in, 4-6
linking to others in the same group, 2-5
I
I/O traffic statistics, 6-3
Identifiers. See Names
Inactive processes logged out, 6-27
Installation software, 3-17
groups in, 2-8
Internal commands
access lists, 1-3, 3-13
removing access from, 3-16
access rights, 3-13
auditing, 5-7
displaying access to, 3-15
listing, 3-13
restricting access to, 3-13
setting access to, 3-13, 6-9
internal_commands.dd file, 3-14
internal_commands.table file, 6-9
internal_commands.tin file, 3-14
internal command auditing, 5-8
setting internal command auditing in, 5-8
io event type, 5-7
L
Limiting maximum users on a module, 5-13
Linking
between the home directories and group directories, 2-5
M
Managing security, 4-1
Mandatory ACLs, 1-3
Master module, 4-1
specifying, 6-12
(master_disk) directory, 2-1
master_password.sysdb file, 4-2, 6-39
Maximum users, 5-13
Menus for registration functions, 6-40
Messages
security_log.(date), 5-3
syserr_log.(date), 5-8
modify access, 3-6
Modifying
change_password.sysdb file, 6-70
module_start_up.cm file, 5-13
audit_admin command, 6-6
configure_commands command, 6-10
login_admin command, 6-23
logout_admin command, 6-28
set_password_security command, 6-63
wait_for_overseer command, 6-73
wait_for_tp_overseer command, 6-74
Modules
changing the name of, 4-12
default, 6-47
setting password restrictions on, 6-61
statistics for, 6-2
Monitoring
access violations, 5-2, 6-55
command use, 6-3
file use, 6-3
port use, 6-3
process statistics, 6-3
transaction processing, 6-3
Moving group directories, 2-6
must_have_start_up_program attribute, 4-4
N
Names
group, 1-2, 6-44
person, 1-2
defining, 6-43
star, 1-3
user, 1-2
aliases, 6-43
network_access.table file, 5-2
notify_security_violation command, 5-2, 6-30
null access, 1-4, 3-3, 3-5, 3-9, 3-13
O
object event types, 5-7
Objects, 1-1
access rights for, 3-1
auditing, 5-7, 6-57
discretionary access control lists for, 1-3
Operating system logins, 4-1
Overseer process, 2-8
P
Password database, 6-13
Passwords, 3-17, 4-2, 5-21, 6-44
access violations, 5-1
case sensitive, 4-10
change_password.sysdb file, 4-9
changing, 1-5, 4-8, 6-46
pre-login, 6-21
priority level of
specifying, 6-65
privileged, 6-45
service, 6-1
statistic logging of, 6-3
subprocess, 6-22
propagate_access command, 3-8
R
RADIUS
access-request packets, 5-30
FTP Daemon error messages, 5-4
login command error messages, 5-4
reject authentication requests, 5-31
shared secret, 5-20
test procedure, 5-25
radius_admin command, 6-32
radius_auth_server command, 6-34
radius.tin file, 5-17
read access, 3-3, 3-9, 3-13
Registered users list, 6-53
Registering users, 4-1, 4-2, 4-4, 6-37, 6-40
batch processing, 6-40
Registration databases, 3-17, 4-1, 6-13, 6-39
broadcasting, 6-39
master, 4-1
optional files, 4-2
specifying, 6-39
system, 4-1
Registration information, 4-8
deleting, 6-48
updating, 4-8
registration_admin command, 6-37
invoking after adding a new group directory, 2-3
menus for, 6-40
process_table action, 4-8, 6-49
registration_admin.dd file, 6-50
registration_file.tin file, 4-7, 6-17, 6-52
Removing access
default, 3-8
device, 3-12
directory, 3-7
file, 3-5
internal command, 3-16
Restricting
access
device, 3-10, 3-11
directory, 3-7
file, 3-4
internal command, 3-13
number of users on a module, 6-20
passwords, 4-9, 5-13, 6-60
users, 5-14, 6-21
listed, 6-21
Restricting access
STREAMS driver or module, 3-11
RFC 2138, 5-21, 5-30
S
s$get_registration_info, 7-2
s$perform_ext_authentication, 7-8
Searching
ACLs, 1-4
DACLs, 1-4
Security
government standards, 1-1
logs, 4-9, 6-55
managing, 4-1
overview of, 1-1
violations
auditing, 5-7
notifying, 6-30
security event type, 5-7
security_admin command, 5-2, 6-55
security_log.(date) file, 5-1, 6-30
messages, 5-3
Selectable events, 5-6, 5-7
Service processes, 6-1
set_object_audit command, 5-7, 6-57
set_password_security command, 4-9, 4-11, 5-13, 6-60
set_priority command, 6-65
set_process_audit command, 5-7, 6-67
set_registration_info command, 6-70
Sharing access lists, 3-15
Special sessions, 6-20
Specifying
master module, 6-12
password expiration, 6-21
priority levels, 6-65
process priority, 6-65
U
Undefined access, 1-4
undefined access, 3-3, 3-5
Unique user names, 6-43
Unknown group access, 3-6
UPDATE USER INFO screen, 6-38
update_password_info command, 6-72
Updating
password information, 6-72
registration database
changing a module name, 4-12
changing a system name, 4-12
user registration information, 4-8
user_registration.sysdb file, 3-17, 6-39
Users, 1-3
access rights to objects, 3-1
adding, 4-4, 6-40
in a batch process, 6-49
screen for, 6-43
auditing, 5-7
changing passwords of, 4-8, 6-46, 6-70
deleting, 4-7, 6-48
in a batch process, 6-49
determining access for, 1-4
groups, 1-2
limitations on group membership, 2-1
listing registered, 4-9, 6-17, 6-53
maximum on a module, 5-13
names of, 1-2, 5-21
aliases, 6-43
star names in, 1-3
validating, 4-2
preregistered, 1-5
registering, 4-1, 6-37
records of, 4-8
representing all groups of, 1-3
representing all members in a group, 1-3
representing all registered, 1-3
restricting, 6-21
maximum login attempts for, 6-22
total number on a module, 6-20
W
wait_for_overseer command, 6-73
wait_for_tp_overseer command, 6-74
write access, 3-3, 3-9, 3-13
Customer Survey
Please rate the quality of this manual in each of the following areas.
Rating scale: Strongly Agree / Agree / Neutral / Disagree / Strongly Disagree
Technical Accuracy
The product works as described in the manual.
Completeness
The information is complete.
Clarity
The information is easy to understand.
Organization
The information is easy to find.
Figures
The figures are clear and useful.
Examples
The examples are clear and useful.
Index
The topics lead to the information that you need.
Physical Appearance
The format of the manual enhances readability.
Effectiveness
The manual helped you to perform your job.
Is there any information that you would like to have added to this manual? If so, where would it be most helpful?
New information that you would like to have added
Location
____________________________________________________
___________________
____________________________________________________
___________________
Would you like to see more examples in this manual? If so, where would they be most helpful?
New examples that you would like to have added
Location
____________________________________________________
___________________
____________________________________________________
___________________
Did you find errors in this manual? If so, please note the problem(s) and the location in the manual.
Any inaccuracies that you found in this manual
Location (page/paragraph)
____________________________________________________
___________________
____________________________________________________
___________________
Would you please complete the following information so that we may better understand who reads our manuals?
Name: ____________________
Title: ____________________
Company: _________________________